Open source makeover

The popular GNU General Public License is set for a major overhaul — its first since 1991. PAGE 10.

Face-Off: Assessing security

Is penetration testing better than vulnerability scanning? Paul Paget of Core Security says yes. Ron Gula of Tenable Network Security says no. PAGE 44.

The SOA treatment

Vendors such as BEA, IBM and Oracle are trying to ease software development by outfitting application servers with service-oriented architecture features. PAGE 38.
‘Reverse engineering’

IT shops finding buyers for their in-house software.

BY ANN BEDNARZ

Like many of the largest companies, Merrill Lynch can’t always buy the IT tools it wants.

Sometimes they just don’t exist. That’s why four years ago the financial services firm started building its own software to expose mainframe resources to other applications via Web services.

The firm went the homegrown route after unsuccessfully searching for a packaged product that met its needs, says Andy Brown, chief technology architect. Nothing surfaced at the time

See Merrill Lynch, page 14
Web app firewalls take on more heat

BY TIM GREENE

Over the next few months Web application firewall vendors Citrix, F5 Networks, Imperva, NetContinuum and Protegrity will add features that let their products take on bigger roles in speeding traffic to server farms and better protecting networked corporate data.

While traditional firewalls have blocked packets effectively at Layer 3 for years, they are proving ineffective against attacks that prey on application weaknesses. Web application firewalls detect application anomalies and whether sensitive data — such as credit card and Social Security numbers — is being tapped and can block or mask it.

Many businesses with Web applications get along without Web application firewalls, says Rob Whiteley, an analyst with Forrester Research. Most protect the traffic with SSL encryption, and some use SSL VPNs to make sure authorized people are connecting to the Web applications.

But high-stakes financial services businesses, for instance, often turn to these devices, Whiteley says. “Application firewalls are for those who cannot afford to have anything go wrong. It’s not like you’re leaving a gaping hole by not having an application firewall,” he says. “It’s just giving yourself an extra measure of protection.”

Web application firewalls are being integrated with load balancers and application switches that ensure the availability of Web applications to create products that address accessibility and

See Firewalls, page 16

We tested Juniper’s new gateway, which combines firewall, VPN and IPS. Page 56.


Automation: Better but not yet automatic

BY DENISE DUBIE

Automation has come a long way since the days of running batch jobs on mainframes, but given the complexity of today’s distributed networks, the technology still has plenty of growing up to do, experts say.

Network managers today can use automation in innovative ways to reduce costs and labor, and to speed problem resolution when performance degrades or failures occur. Systems management heavyweights IBM and HP have been adding automation to their product suites in an effort to entice customers into supporting their utility computing product road maps.

For example, IBM this week is scheduled to introduce several products within its Tivoli software division designed to lessen the need for manual intervention when monitoring cross-platform systems, applications and service-oriented architectures. The company also plans to ship later this month the second generation of a virtualization package that includes software to automatically provision systems and manage workloads across pools of network, server and storage resources. Separately, HP is set to release software that automatically

See Automation, page 68
Network World ITVideo

The Hot Seat with John Gallant: Security start-up Bit9 protects enterprise systems by blocking unwanted software on the desktop and server. John Hanratty, Bit9's co-founder, gets in the Hot Seat to explain his company's approach to security. DocFinder: 1133

Cool Tools: Best tech holiday gifts

With a little inspiration from a classic game show, Editor Keith Shaw highlights gifts from our annual Cool Yule Tools Holiday Gift Guide that are sure to please your friends, family or yourself. DocFinder: 9951

Cool Yule Tools Holiday Gift Guide

We've reviewed more than 100 high-tech products for the home and office you'll want to give to your friends, family or yourself. DocFinder: 9834

Network World Podcast: The SANS top 20 vulnerabilities

Rohit Dhamankar, project manager for the SANS Top 20, discusses what's new on the list and who is exploiting these security vulnerabilities. DocFinder: 1134

Network World Radio: ICE

Cisco's Cullen Jennings explains how the up-and-coming VoIP standard Interactive Connectivity Establishment works and what its killer application might be — and it's not straight VoIP. DocFinder: 1135
Juniper Networks' new chassis combines firewall, VPN and IPS. Page 56.

■ Juniper's Integrated Security Gateway 2000 is a firewall/VPN with space for three additional security blades.

Face-Off: Is penetration testing more effective than vulnerability scanning? Paul Paget of Core Security Technologies says yes. Ron Gula of Tenable Network Security says no. Page 44.
Online help and advice

Branch Office Best Practices

In our new weekly column, Robin Gareiss details why you need specific, measurable action plans for handling the IT needs of your branch offices and how you can start. DocFinder: 1136

Home Base

Technology Editor Sandra Gittlen looks at the IT overhaul one Chicago firm got from CDW, Intel, Lenovo and Linksys. DocFinder: 1137

Small Business Tech

Columnist James Gaskin looks at MioNet, which combines file sharing and remote desktop control. DocFinder: 1138

IT Borderlands

Columnist Ken Fasimpaur runs across a vendor support site that really seems to want user feedback. He ponders the miracle this is and wonders what good vendor or e-commerce sites you've seen. DocFinder: 9984


Seminars and events

Free event for IT executives

What do industry insiders predict for the coming year? Find out at IT Roadmap '06: What’s New, What's Next, and What to Buy Now. John Gallant and Johna Till Johnson provide concrete answers to the questions that plague executives responsible for IT spending. Qualify to attend free — and the opportunity to win a 42-inch plasma TV when you attend. DocFinder: 1139

BREAKING NEWS

Go online for breaking news every day. DocFinder: 1001

Free e-mail newsletters

Sign up for any of more than 40 newsletters on key network topics. DocFinder: 1002

What is DocFinder?

We’ve made it easy to access articles and resources online. Simply enter the four-digit DocFinder number in the search box on the home page, and you’ll jump directly to the requested information.


6  •  www.networkworld.com  •  12.5.05 


Cisco IOS security hole surfaces

■ Security researchers last week said they discovered a hole in the Web-server code in Cisco’s IOS software. The vulnerability, as reported by the security organizations Secunia and SecurityFocus, could let a potential attacker view a memory dump of an IOS router via the HTTP server and inject script code into the router through the server. The vulnerability affects only Cisco routers running IOS HTTP servers, which are used as an alternative management interface to the text-based command line for configuring routers. Cisco said it was investigating the issue.


TheGoodTheBadTheUgly

Retailers pass the test. Web performance watcher Keynote says major retail Web sites barely flinched despite a big increase in traffic last week on Cyber Monday, a term used to refer to the first big online shopping day of the holiday season. The average time for completing a search-and-buy transaction was about 14 seconds, which Keynote Senior Internet Analyst Roopak Patel describes as “well within the tolerance for acceptability.”

Wireless providers need work. Only one in eight wireless customers considers their carrier's customer service excellent, according to a new report from market watcher In-Stat. On the bright side, service providers have made some progress reducing customer churn and complaint rates.


More execs leave Nortel

■ Nortel’s shake-up continues. The company has dismissed two senior-level executives two weeks after a new CEO took up the reins of the troubled company. Brian McFadden, a 28-year Nortel veteran, and Sue Spradley, who had been at the company 18 years, left the telecom vendor early last week. McFadden had been chief research officer, and Spradley president of global services and operations. Nortel gave no reason for their departures. McFadden and Spradley follow ex-CEO Bill Owens and Enterprise Division President Malcolm Collins out the door. Nortel recently announced that Owens would be replaced by former Motorola COO Mike Zafirovski. Owens’ departure came five months after two ex-Cisco executives whom Nortel had tapped to be COO and CTO left the company after three months, following disputes with Owens. Owens is credited with getting Nortel back on track after an accounting scandal forced the company to restate years of financial results.

Hackers publish Windows attacks

■ Hackers have given network professionals more reasons to update users’ Windows PCs: samples of software that could be used to attack an unpatched Windows system. The latest examples, posted to the French Security Incident Response Team Web site, take advantage of the same two flaws that were exploited earlier in the week. One of these attacks, which can be used to crash a system, exploits a critical vulnerability in the way that Windows processes files saved in the Windows Metafile graphics format. Microsoft fixed this Metafile bug in its MS05-053 Security Update, released Nov. 8, so only customers who have not yet applied this patch are at risk from this new attack. The second attack targets a flaw in the Microsoft Distributed Transaction Coordinator (MSDTC), which was patched in October’s MS05-051 Security Update. The MSDTC is a component of the operating system that is commonly used by database software to help manage transactions.

COMPENDIUM

A smashing success

Some guy convinces enough 'Net users to donate $430 so he can get in line for 55 hours, buy one of the first Xbox 360s at a local store — and then smash it to pieces with a sledgehammer in front of horrified fanboys. See the proof at www.networkworld.com, DocFinder: 1146.

“The result is that we are taught, yet again, that if you want to get a vendor’s attention to a flaw in their product, you need to create an exploit and publish it. Just telling them is not sufficient.”

Russ Cooper, editor of the NTBugtraq newslist and a scientist with security vendor Cybertrust, referring to a flaw in Microsoft's browser.

See story at www.networkworld.com, DocFinder: 1147.

City to create wireless-mesh net

■ New Orleans officials last week announced an expansion of the city’s existing wireless-mesh network, which supports a system of police surveillance cameras. Using $1 million in donated equipment and software from Tropos, Pronto and Intel, the expanded mesh will eventually blanket the city, supporting a secure net for police and other city employees and offering free Internet access to all residents who have a computer with a wireless card. Its bandwidth will be 512K bit/sec as long as the city remains under a state of emergency. But bandwidth will drop to 128K bit/sec afterward, to comply with a state law restricting municipal broadband nets.

Here comes Eliot. You knew it couldn't be long before the Sony CD spyware controversy got the attention of Eliot Spitzer, attorney general for the state of New York. Spitzer, who has gone after everyone from hackers to Wall Street honchos, began looking into Sony's use of the XCP (extended copy protection) software over the past couple of weeks, said Brad Maione, a spokesman for Spitzer’s office. Maione declined to say whether or not his office was planning legal action against Sony, which was recently sued by Texas Attorney General Greg Abbott, who accused the company of violating his state's 2005 anti-spyware law.

Iron Mountain buys LiveVault

■ Data-protection company Iron Mountain last week announced it is buying LiveVault, a provider of online server back-up and recovery services. The companies know each other well. Iron Mountain has been an investor in LiveVault since 2000 and owns nearly 14% of the company. Iron Mountain will pay about $42 million for the rest. The companies also have partnered for the past five years, with Iron Mountain serving as LiveVault’s largest sales channel. LiveVault offers disk-based backup and recovery for small and midsize companies and remote offices of larger companies. The company says it has more than 2,000 corporate customers. The buyout complements Iron Mountain’s acquisition last year of Connected Corp., a provider of PC back-up and recovery offerings.

F-Secure buys ROMmon

■ Finnish security vendor F-Secure has acquired network-monitoring appliance vendor ROMmon. The deal will give F-Secure a new device to add to its line of security products for ISPs. ROMmon’s product, renamed F-Secure Network Control Appliance, will eventually be integrated into new security products for ISPs. Terms of the deal were not disclosed.
Users urge BlackBerry maker to settle

A losing battle?

BlackBerry maker Research in Motion last week suffered another setback in the long-running patent infringement case brought by NTP. Here's a recap of the case.

November 2001: NTP files a complaint that claims RIM's BlackBerry infringes on several NTP patents, awarded originally to NTP co-founder Thomas Campana.

November 2002: U.S. District Court jury finds in favor of NTP, awarding it $23 million in damages; RIM appeals.

December 2004: Appeals Court cancels the injunction, sends back the decision for some fine-tuning, but agrees that RIM infringed on NTP's patents.

March 2005: RIM and NTP announce a settlement, with RIM to pay $450 million and future royalties.

June 2005: Patent Office made a preliminary ruling that the claims in seven of eight NTP patents are invalid; RIM asks court to enforce the terms of the settlement, and stay proceedings pending final Patent Office rulings.

November 2005: District Court Judge James Spencer rules the March settlement is not enforceable, and declines to grant any further stay.

BY JOHN COX

The latest setback for Research in Motion in its long-running patent infringement battle has at least some users saying it is time for the BlackBerry maker to give up the fight and settle.

The company’s legal woes have raised the specter of users of the popular e-mail devices getting their service cut off, though legal experts and industry observers say that is highly unlikely.

That’s especially true given that RIM last week was given another chance to settle. Just days after a federal judge’s rulings against RIM, its legal adversary NTP sent RIM an offer of a license contract, with a royalty rate of 5.7%.

NTP is a patent holder and licensing company co-founded by Thomas Campana, an engineer and inventor to whom the original patents in this case were issued. He died last year. NTP in a suit filed in 2001 claimed that RIM’s products and services infringed those patents.

Last week, U.S. District Court Judge James Spencer for the Eastern District of Virginia denied a request by RIM to enforce the terms of a $450 million settlement that RIM had negotiated with NTP earlier this year. For reasons that haven’t been made public, the two companies didn’t consummate that deal. According to RIM’s Web site, Spencer concluded that the settlement was not an “enforceable agreement” (see details at www.networkworld.com, DocFinder: 1148). Spencer also denied a RIM motion to hold off court proceedings “until the U.S. Patent & Trademark Office reaches a final determination in its reexamination of the NTP patents.”

Ironically, the day after Spencer’s ruling, the Patent Office issued yet another preliminary rejection of yet another NTP patent claim, according to an Associated Press story. RIM argues these rejections show NTP’s patents are invalid. The ruling could not be confirmed by Network World’s deadline.

The 5.7% royalty rate offered by NTP is the same rate that a jury previously had ruled was fair, according to Don Stout, a partner at the firm of Antonelli, Terry, Stout & Kraus LLP and the other co-founder of NTP. Stout now does NTP’s legal work and still holds company stock. That trial ended in a victory for NTP, and the essential finding — that RIM had infringed — was upheld by an appeals court.

“We’re saying to them, ‘you have the opportunity to settle,’” Stout says. RIM did not respond to a request for comment by deadline.

RIM should take the offer, users say

“The BlackBerry is a very big piece of the technology picture at our firm,” says Frank Gillman, director of technology for Allen Matkins LLP, a law firm in Los Angeles. Nearly every lawyer and all of the top management staff have the e-mail devices, about 250 in all.

“The BlackBerry has such a pervasive presence in legal, entertainment, medical and other client-oriented businesses, and in half the [U.S.] government,” Gillman says. “RIM’s going to have to come to the table and say ‘what do we need to do’ to settle?”

RIM still faces the possibility of a new injunction that could shut down its service and product sales in the United States. That’s not what NTP wants. “It’s only if they refuse to pay that we’re going to shut them down,” he says.

RIM says it has created software that would allow its service to continue running without infringing NTP patents. “Our position is that this design-around is [still] covered by our patents,” Stout says.

The promised software fails to comfort. “They say they have patches and ways that will enable the customer base to continue to use these products,” Gillman says. “Clearly what they don’t say is, ‘it’s going to be a royal pain in the butt to download all these patches, deploy them, administer the changeover and everything else.’ It’s going to be complicated.”

Consulting firm TowerGroup says a court ruling in favor of NTP is unlikely to lead to a wholesale shutdown of RIM’s service. The firm expects the two companies to reach a settlement within 30 days, with RIM agreeing to pay $750 million to $1 billion. That could eventually lead to higher costs for companies that rely on the BlackBerry, TowerGroup says. ■


Wireless laptops get new defense

BY JOHN COX

Network Chemistry is extending its security software to cover laptops running various kinds of wireless connections.

The new product, called RFprotect Endpoint, will include an agent that runs on laptops and enforces wireless security policies. The idea is to protect users when they’re outside the corporate perimeter and connecting to hot spots, cellular networks or Bluetooth smartphones, where laptops are more exposed to network threats than on corporate wireless LANs (WLAN).

The product is about to enter beta tests and is scheduled to be released during the first quarter of 2006. Pricing starts at $29 per laptop.

RFprotect Endpoint is focused on the wireless interfaces in a laptop. It can apply enterprise security policies to 802.11 WLAN adapters, cellular data cards and Bluetooth connections. The agent runs on all the common Windows operating systems and doesn’t interfere with VPN clients, the company says.

“An agent can monitor and regulate and limit how much the user can change the configurations and properties of their wireless [network interface card],” says Skip Bayro, senior IT security consultant with OpoTech.

Bayro has deployed for several clients Network Chemistry’s RFprotect Distributed, a combination of software and dedicated wireless sensors for detecting and blocking WLAN intrusions. One client, an energy company with more than 400 laptops, will be a beta site for the new Endpoint product.

“This will be an agent that can be ‘cookie-cuttered,’ configured at a central console, and pushed out to users anywhere,” Bayro says. “For example, users won’t be able to change the [Service Set Identifier], or change the 802.1X authentication supplicant, or make any of the other changes to their wireless connectivity that would compromise information security.”

The basic approach is similar to that of other companies, which use an agent architecture to secure various parts of a client device. Safend’s Protect product (www.networkworld.com, DocFinder: 1145) controls peripheral interfaces, including those used by WLAN cards. Other companies in this market include Centennial Software, McAfee and Senforce Technologies.

The Endpoint agent can be downloaded to any number of laptops using Microsoft Systems Management Server, Macrovision’s Flexnet and other tools. Once a laptop powers up, the agent contacts the Endpoint server software, which downloads updated configurations and policies to the laptop.

Administrators work with the server program to create, save, download and activate wireless security policies for Endpoint. Examples include requiring a corporate VPN client to be active, prohibiting the use of ad hoc WLAN connections between two laptops and using only specified access points. ■
Open source

GPL to get major revision

BY PHIL HOCHMUTH

A proposed revision of the GNU General Public License could have lasting effects on users and developers of open source software.

The Free Software Foundation (FSF) and Software Freedom Law Center last week said they are working on GPL Version 3 (GPLv3), which will be the first major update to the open source license since 1991.

“If it ain’t broke, don’t fix it,” is part of the reason why the GPL’s current version has lasted for 14 years, says Peter Brown, executive director of the FSF. However, he acknowledges that 14 years is an eternity in the world of software development, and that the dramatically changed climate in which open source code is written and used calls for an update to the license.

The FSF is scheduled to release a draft of GPLv3 next month, with subsequent second and final drafts expected by the summer and fall. The final version of GPLv3 is expected by the spring of 2007.

While Brown would not give details of the revamp, a major aspect of revision will center on open source license compatibility.

“We are looking to improve compatibility with other important free software licenses,” he says. “GPL is the dominant free software license, with 70% of open source software licensed under” it.

Brown says most software licensed under GPLv2 will be supported by GPLv3. Most individuals and organizations that write software under the GPL opt for language that allows their products to be supported by any future version of the GPL. However, this is not the case with Linux, which is licensed explicitly under Version 2 of the GPL and will not be grandfathered into GPLv3.

Brown adds that any open source product licensed under GPLv2 will have to be relicensed for Version 3. “It’s their decision to

See GPL, page 68


NW  event  lays  out  '06  Roadmap 


BY  CARA  GARRETSON 

FRAMINGHAM, Mass. — Implementing VoIP, virtualizing storage and computers, and evaluating identity management are just some of the priorities for 2006 recommended to attendees of Network World’s IT Roadmap ’06 technology tour, which kicked off last week.

The  tour  aims  to  delineate  hot 
technologies  for  the  coming  year 
and  how  to  implement  them,  and 
how  they  can  align  with  business 
goals.  It  focused  on  eight  areas: 
remote-office  networking,  LANs, 
application acceleration, VoIP,
security, network management,
storage  and  identity  networking. 

For the most part, these areas line up with the IT priorities that one attendee has. “We need to do enterprise-to-enterprise collaboration to pull teams from different businesses together, and we’re just starting to explore identity management,” said Greg Weldon, director of service development with Philips Medical Systems in Andover, Mass. “We’re looking at identity management from a device, network and application perspective, more than just people.”


Mapping the future

Suggestions for what to focus on in 2006 that were shared at Network World’s IT Roadmap event last week:

• Assess VoIP; in particular examine the potential for bottom-line savings.

• Put in place a strategy for remote and virtual workers, because 90% of employees are somewhere other than headquarters.

• Create an information stewardship task force to define how to handle information protection, disaster recovery/business continuity, information life-cycle management, compliance and data quality management.

• Virtualize the data center, both storage and computers.

• Put identity management on the front burner to facilitate “virtualized security.”

SOURCE: NEMERTES RESEARCH

One area that Weldon doesn’t view as a priority is application acceleration. “It’s just not a tremendous problem for us, as long as we invest in bandwidth,” he says, adding that the company supports 4,000 field workers.

At  the  conference  Johna  Till 
Johnson,  president  and  senior 
founding  partner  of  Nemertes 
Research  and  Network  World 
columnist, detailed  a  five-year  plan 
for  businesses’  network  priorities. 

Much of the suggested planning for 2006 includes building task forces around key technology strategies, including information stewardship — which Johnson defined as the art and science of managing information in the data center — distributed and virtual workers, on-demand infrastructure and mobility. These task forces should help organizations evaluate how related technology can help boost productivity and have a positive effect on the organization’s bottom line, as well as build deployment road maps and benchmarking initiatives.

The technology that powers those strategies will come from a variety of areas, she said. Compliance, storage, security, identity networking and information life-cycle management products are necessary to support information stewardship. Keys to implementing a distributed and virtual workforce strategy are VoIP, real-time collaboration, application acceleration and remote-office management. Also essential ingredients for building an on-demand infrastructure are storage, information life-cycle management and application acceleration, while application acceleration and remote-office management are essential to mobility.

To register for a tech tour coming to your area, go to www.networkworld.com, DocFinder: 9427. ■


Sun  shipping  eight-core  Niagara  servers 


The details

Key features of Sun’s new multicore T2000 server:

Processor: 1 UltraSparc T1 multicore processor, with four, six or eight cores

Memory: 16 slots, each supporting 512M, 1G or 2G bytes DDR-2 DIMMS, for a maximum 32G bytes of memory

Networking: Four Ethernet ports

PCI interfaces: Three PCI-Express and two PCI-X slots

Power: Two hot swappable, redundant power supply units

Remote management: Sun's ALOM (advanced lights out management) controller

Operating system: Solaris 10 pre-installed

SOURCE: SUN DOCUMENTATION

BY  JENNIFER  MEARS 

Sun this week is aiming to change the way corporate customers look at rack-dense servers by unveiling low-power-consuming, high-processing systems based on its new multicore, multithreaded UltraSPARC T1 processor, code-named Niagara.

Among a number of announcements, the most significant is expected to be the introduction of Sun’s first products in its Niagara server line. The servers are aimed at I/O intensive workloads, such as Web serving, where systems must respond to thousands of requests simultaneously. Sun says the units will consume about half the power of Xeon- or Opteron-based systems while handling as many as 32 individual software instructions per processor.

The 1U T1000 server, which has six or eight processing cores on a single piece of silicon, is expected to be available next year and priced starting at less than $4,000, according to sources familiar with Sun’s plans. The 2U T2000, meanwhile, is available with four, six or eight processing cores on a single chip and a starting price of about $8,000. Each core on the Niagara processor can handle four software threads simultaneously.

Sun, which declined to comment, hopes the servers will boost its position in the exploding low end of the server market by addressing the environmental concerns of IT managers struggling to maintain overprovisioned data centers. The new processor runs as fast as 1.2 GHz, yet consumes just 70 watts of power, a bit more than an average household light bulb. Today’s processors average about 100 watts or more, according to industry experts.

“Niagara is hitting the market at a good time. The concerns it addresses, such as power efficiency, are high on a lot of IT managers’ minds today,” says Gordon Haff, an analyst at Illuminata. “We’ll have to see how it stacks up on both benchmarks and real-world application performance — but if it really does offer, say, double or better Xeon performance that should be enough to grab the attention of anyone with a large Linux server farm.”

Power  and  heat  issues  are  the 
driving  forces  behind  a  shift  in 
processor  design  industrywide: 
Instead  of  simply  ramping  up 
clock  speed,  chipmakers  are 
putting  more  cores  on  a  single 
piece  of  silicon  to  enable  more 
work  to  be  done  by  fewer  power-hungry 
processors. 

IBM has had a dual-core Power processor since 2001 and introduced a quad-core Power5+ in October. HP rolled out its dual-core PA-RISC chip last year, and both Intel and Advanced Micro Devices introduced dual-core x86 chips this year. ■


Read more about Sun's expansion of open source software. Page 34.




12  •  www.networkworld.com  •  12.5.05 


Windows  management  service  debuts 


Policy  portal 


FullArmor this week is releasing its PolicyPortal, a hosted service that lets administrators manage mobile laptops and other devices over the Internet.


As  part  of  its  dashboard  interface, 
PolicyPortal  provides  users  with  a  quick 
status  check  of  all  machines  being  managed. 


BY  JOHN  FONTANA 

FullArmor  this  week  is  expected 
to  introduce  a  service  designed  to 
help  companies  use  policies  to 
manage  Windows-based  mobile 
laptops  and  remote  machines 
that  are  not  routinely  connected 
to  a  network. 

FullArmor’s hosted service, called PolicyPortal, is a centralized hub from which administrators can set, deploy and enforce usage procedures via the group-policy features of Microsoft’s Active Directory. Windows client machines are outfitted with a small software agent, FullArmor’s GPAnywhere client, that regularly checks the portal for new or updated policies when the machines are connected to the Internet.

The service is targeted at companies that want to centrally manage users who are not regularly connected or ever connected to Active Directory, including roaming laptop users, remote or home clients and corporate contractors, as well as kiosks, point-of-sale terminals and ATMs. It also is targeted at companies that do not use Active Directory and at service providers.

Service providers such as Chicago-based Itility are eyeing PolicyPortal as part of disaster-recovery plans for mobile users.

“We want to use PolicyPortal for things such as restoring folder icons on a desktop, mapping drives or reestablishing Outlook profile settings,” says Rick Neubauer, Itility’s CTO. The company provides a data backup for mobile users who lose or have their laptops stolen, and the company plans to augment that with a one-click service that would restore all of a user’s settings and configurations via policy once they get a new laptop.

“We  can’t  do  that  now.  For  those 
people  in  the  field  you  spend 
hours  with  them  on  the  phone. 
Not  all  that  is  alleviated,  but  a 
good  chunk  of  it  is,”  Neubauer 
says. 

PolicyPortal, which FullArmor says is likely to be released in the future as an appliance that can be deployed internally, is tapping into a growing interest in group policy to manage servers and machines.


Group policy, which is supported on Windows 2000 and XP and Windows Server 2003, lets administrators manage, customize and lock down desktop and server settings based on a set of policies maintained in the directory.

The foundation of PolicyPortal is Active Directory running on a 64-bit version of Windows Server 2003 Release 2 with Web-based software that provides the management interface.

The package lets administrators log on and upload digitally signed policies. The policies are stored in a database and each company has its own table to ensure privacy. In the PolicyPortal management interface, administrators can see the machines they are managing and set policies for individual machines or groups of machines. Also included is a management dashboard that shows whether machines are in compliance with security policies, identifies which settings are enforced or not enforced, and provides a log of changes and who made them.

“This is very much like [automated] patching,” says Danny Kim, CTO for FullArmor. “It is an automatic update — that is how the policy works.”

FullArmor also is integrating its Intellipolicy, which provides extensions for group policy, with PolicyPortal so users also can automate such tasks as printer setup, local administrator setup or denying the use of USB drives.

PolicyPortal is priced at $1 per managed machine per month, and there is a one-time setup fee of $1,500 per administrator. ■


Vendors tackle SOA management, security

Five  companies  plan  to  release  this  week  products  aimed  at  corporate  environments. 


BY  JOHN  FONTANA 

As  the  concept  of  service-oriented  archi¬ 
tecture  begins  to  find  life  in  corporate  com¬ 
puting,  a  handful  of  vendors  this  week  plan 
to  unveil  software  to  help  companies  man¬ 
age  and  secure  their  SOAs,  as  well  as  inte¬ 
grate  them  with  legacy  systems. 

Amberpoint is expected to announce its intent to ship this month Version 5.0 of its security and management software that includes a new policy system designed to help manage large collections of Web services. Also, Forum Systems, GT Software, Mindreef and SOA Software plan to unveil wares at the Gartner Application Integration and Web Services Summit in Orlando, Fla.

Amberpoint  5.0,  which  costs  $70,000  per 
server,  features  a  policy  system  that  allows 
users  to  manage  Web  services  as  a  set  or 
group  rather  than  one  at  a  time.  The  com¬ 
pany  also  has  retooled  its  security  subsys¬ 
tem  and  added  management  support  for 
non-XML  traffic, such  as  Java. 

“With 5.0 you can have a bucket of services and policies applied to those buckets,” says Jorge Mercado, SOA architect for MedicAlert, a nonprofit foundation that provides a repository of healthcare information. “This gives us a way to throw services in a bucket and have a set of policies ready to go.” Mercado plans to begin testing Amberpoint 5.0 this month because he says the current policies and procedures used for his growing list of Web services won’t scale.

Forum Systems is expected to release Forum Vantage XML Accelerator, an appliance built on a 64-bit platform that can process more than 10,000 XML messages per second. The 1U appliance, which is priced at $45,000, supports Simple Object Access Protocol (SOAP) messages, XML Schema Validation, XPath processing and XSLT transformations.

GT Software is set to ship Ivory Service Architect, a set of tools for implementing an SOA using existing mainframe hardware, data, applications and developer skills. The product, which is priced at $25,000, is made up of Ivory Studio and Ivory Server. Studio is a graphical tool for building mainframe operations into business services, while Server has a SOAP processor, service flow processor and central service repository.

SOA Software plans to reveal that it has acquired Merrill Lynch’s X4ML Mainframe Web services platform, which the financial services firm developed four years ago and uses today to support 600 Web services. SOA Software will sell the platform as service-oriented legacy architecture. Pricing was not announced. (See more on Merrill Lynch’s efforts, page 1.)


Mindreef is scheduled to release Mindreef Coral, a Web services collaboration platform for companies building Web services and SOAs. The Coral server, which costs about $1,000, stores data and includes tools that let users test, diagnose and support Web services. The tools are tailored to specific types of users, such as architects, managers, business analysts, developers and testers. (Read more about what vendors are doing with SOA features, page 38.) ■
Drawn from experience

IT know-how makes its way from corporate teams into commercial products through different paths. Here are some examples.

Enterprise source: Merrill Lynch
Technology: Tool for exposing mainframe transactions as standard Web services interfaces
Transaction: SOA Software this week is announcing that it is buying the technology assets from Merrill Lynch.

Enterprise source: Westinghouse Electric
Technology: Configuration change management software
Transaction: Westinghouse sold the technology assets to some of the software's creators, who left to form start-up TrueBaseline, which launched in November.

Enterprise source: Fidelity Investments
Technology: IP telephony communications platform
Transaction: No formal technology transfer but Fidelity Investments’ internal efforts to develop collaboration software using VoIP technology helped inspire BlueNote Networks, which launched in September.

Enterprise source: Boeing
Technology: Messaging security and compliance
Transaction: Boeing spun-off the technology in 2003 and helped fund start-up MessageGate.

Enterprise source: Shell
Technology: Data management
Transaction: Shell funded a former employee, who founded Kalido in 2000.

Merrill  Lynch 

continued  from  page  1 

or over the next few years. “We never found any compelling reason to stop doing what we were doing.”

Until  now. The  software  product 
Merrill  Lynch  built,  called  X4ML, 
is  going  commercial  through  its 
new  owner,  SOA  Software,  which 
plans  to  announce  the  deal  this 
week. 

“We felt like we’d invested quite a bit of money in the technology already, and we also felt like the opportunity in the open market was such that [the product developers] needed to be given a chance to take their idea and test it in the open market,” Brown says about the sale of X4ML to SOA Software.

The  commercialization  of  tech¬ 
nology  that  got  its  start  in  an  en¬ 
terprise  IT  setting,  such  as  X4ML, 
is  not  unprecedented. There’s  a 
constant  flow  of  intellectual 
property  from  government  agen¬ 
cies  and  universities  to  the  com¬ 
mercial  world.  Companies  in 
other  industries  have  done  the 
same  thing. 

Shell  funded  Kalido,  a  spinoff 
formed  in  2000  to  tackle  data 
management  challenges.  Boeing 
spawned  MessageGate,  a  messag¬ 
ing  security  and  compliance  ven¬ 
dor,  in  2003.  And  newly  launched 
BlueNote  Networks  was  inspired 
in  part  by  Fidelity  Investments’ 
desire  for  VoIP-based  collabora¬ 
tion  software. 

Most  recently,  start-up 
TrueBaseline  came  out  of 
stealth  mode  and  announced  a 
product  based  on  technology 
developed  by  Westinghouse 
Electric.  Stringent  regulatory 
requirements  for  reporting 
changes  to  IT  system  settings 
led  Westinghouse  to  develop  its 
own  tools  when  commercially 
available  configuration  manage¬ 
ment  products  wouldn’t  suffice, 
says  Aruna  Endabetla,  CTO  at 
TrueBaseline  and  a  former  proj¬ 
ect  manager  at  Westinghouse. 

Westinghouse  used  the  product 
internally  for  several  years  before 
marketing  it  to  other  companies 
a  couple  of  years  ago.  But  trying 
to  expand  the  product  to  meet 
wider  demand,  as  well  as  execute 
software  sales,  proved  incompati¬ 
ble  with  its  core  business. 
Westinghouse  decided  to  sell  the 
IT  assets  to  TrueBaseline’s 
founders. 

The independence is a good thing, Endabetla says. Before the formation of TrueBaseline, developers in Westinghouse had to balance the nuclear electric power company’s needs with those of the broader market — which sometimes slowed down evolution of the technology. “Now we can look at the real market needs and develop the product for the entire market,” she says.

Seeds  of  invention 

Companies today seem to be thinking harder about how they can leverage non-strategic technology assets, says Bob Hower, a general partner at venture capital firm Advanced Technology Ventures. “We’ve had conversations with several companies lately that are trying to figure out how to get more mileage out of the intellectual property they’ve developed.”

But the transition from in-house technology to commercial product isn’t always successful. Sometimes poor personnel choices can derail a spinoff. “Not every large corporation IT person is an entrepreneur,” Hower says.

In addition, not every nifty IT invention is suited for broader markets. A product that originates inside an enterprise IT department “often has too much local culture,” says Bill Gassman, research director at Gartner. There can be patent issues, scalability shortcomings and code problems. “It may have become spaghetti code by the time it’s ready to go public because feature after feature has been added to the product, and the discipline of commercial software development just wasn’t there.”

In general, there’s often valuable technology inside companies that has the potential to be commercialized, but most companies don’t have the resources to accomplish it, adds Vern Brownell, CTO at blade server vendor Egenera.

Prior to founding Egenera in 2000, Brownell was CTO at Goldman Sachs. During his 11-year tenure at the financial services firm, Brownell considered the commercial potential of some of its technology.

“A number of times we had what we thought was pretty good technology,” he says. But readying an in-house product for use outside the institution required a level of investment that didn’t seem justified. “There were other higher-priority strategic or competitive things to work on from a development standpoint that made more sense.”

What came out of Brownell’s experience at Goldman Sachs was the idea for Egenera. Brownell had helped shift the financial firm’s infrastructure from predominantly mainframes and midrange servers to a heterogeneous, distributed computing environment and knew firsthand the management complexity that resulted.

Brownell didn’t see anything on the horizon to alleviate the problem — but he thought there needed to be. That thought led to Egenera.

“Customers  have  unique  per¬ 
spectives  that  vendors  don’t 
always  see,”  Brownell  says. “When 
you’re  in  the  middle  of  it,  when 
you  wake  up  in  the  middle  of  the 
night  with  cold  sweats  because 
of  what  you’ve  created,  you  have 
a  different  sense  of  urgency 
about  it.” 

Balancing  act 

Having a former IT user at the helm — such as Brownell in Egenera’s early days — can help a start-up get off the ground, Hower says. “It lends credibility to a team,” he says.

It also helps when a vendor’s technology has been shown to work in a demanding enterprise IT environment. In the case of the X4ML technology, “if that has been made to work in a financial environment where high reliability, security and performance are all big issues, it probably has a better chance of being successful” than other technology spinoffs, Gassman says.

SOA Software says the Merrill Lynch technology will help extend its product portfolio to the mainframe. Enabling mainframe resources to participate in a services-oriented architecture (SOA) has been a challenge, says Eric Pulier, executive chairman of SOA Software. “Getting these CICS mainframes to become part of the new infrastructure has been problematic — problematic for us to deliver to our customers, and problematic for customers to find a solution.”

The  deal  also  gives  SOA  Soft¬ 
ware  critical  expertise:  A  team  of 
four  Merrill  Lynch  programmers 
and  engineers  who  built  X4ML 
are  going  with  the  product  to 
SOA  Software. 

Such  a  staff  shift  is  usually  un¬ 
avoidable  in  the  process  of  com¬ 
mercializing  in-house  technology 
through  a  spinoff  or  technology 
acquisition.  It’s  likely  that  there 
will  need  to  be  some  reworking 
of  the  product  for  the  wider  mar¬ 
ket,  and  “that  can  be  hard  to  do 
without  folks  who  know  where 
all  the  skeletons  are,”  Hower  says. 

On  the  other  hand,  for  the 
company  that  developed  the 
intellectual  property,  a  spinoff 
can  mean  losing  key  personnel, 
Gassman  says. 

For Merrill Lynch, making the decision to sell the X4ML technology required trade-offs, Brown says. “You want to do the right thing for the people who created the technology, the right thing for Merrill Lynch shareholders and the right thing for the future of the technology itself.”

Not everyone at Merrill Lynch initially agreed that the X4ML technology should be sold. While Brown had no hesitations, he says it was not as easy to convince others in the financial services firm. “Executive management is often uncomfortable with divestment because they’re wondering what they’re giving away,” Brown says.

Convincing everyone — and then choosing the right buyer from among “quite a few companies who were interested in buying the software” — took about six months, Brown says. In the end, management agreed and everyone walked away happy, he says.

“The  folks  that  developed  the 
code  are  very  happy  that  they’re 
now  able  to  go  look  at  the  real 
addressable  market  instead  of 
the  addressable  market  inside 
Merrill  Lynch.”  ■ 


Got  great  ideas? 


■  Got  a  suggestion  for  a  Wider  Net 
story?  An  offbeat  network  industry- 
related  topic?  A  fascinating  person¬ 
ality  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown@nww.com.
Firewalls

continued  from  page  1 

security  at  the  same  time. 

“We think the application firewall is going to go away and be replaced by something that is a little more availability- and assurance-focused,” says Andrew Jaquith, a Yankee Group analyst.

Such  platforms  work  to  keep 
servers  available  to  end  users  and 
safe  from  attacks.  They  also  make 
sure  that  the  traffic  moving  in  and 
out  of  data  centers  is  not  compro¬ 
mised,  he  says. 

Stand-alone  Web  application 
firewalls  examine  HTTP  and 
HTTPS  traffic  at  the  application 
layer,  looking  for  attacks  that  try 
to  slip  by  as  legitimate  applica¬ 
tion  flows.  “The  products  are 
defending  against  people  that 
are  trying  to  use  malicious 
attacks  to  cause  Web  sites  to  dis¬ 
gorge  sensitive  information  or  for 
break-ins,”  Jaquith  says. 

Start-ups  Teros,  MagniFier,  Ka- 
vado  and  Sanctum,  all  bought  by 
others,  made  these  devices.  Citrix 
bought  Teros,  F5  bought  Magni¬ 
Fier,  Protegrity  bought  Kavado 
and  WatchFire  bought  Sanctum. 

While these vendors approach the problems of accelerating and securing Web application traffic differently, they share a common spot in the network: in front of application servers. The features they offer can include load balancing traffic among servers, compression, encryption, reverse proxying of HTTP and HTTPS traffic, checking for application conformance and pooling TCP sessions.

For  its  part,  Citrix  aims  to  merge 
its  Web  application  firewall  with 
its  application  switch,  so  the 
device  will  distribute  traffic  to 
servers  and  also  parse  it  for  appli¬ 
cation-layer  attacks,  the  company 
says. This  integration  is  scheduled 
for  the  second  quarter  of  next 
year,  according  to  the  company. 

Expect  NetContinuum  to  add 
software  tools  next  year  that  make 
configuring  application-security 
policies  easier, says  Varun  Nagaraj, 
CEO  at  NetContinuum.  The  com¬ 
pany  also  is  considering  what  role 
its  application  gateway  might  play 
in  identity  and  access  manage¬ 
ment,  under  schemes  such  as 
Security  Assertion  Markup 
Language,  which  relies  on  appli¬ 
cations  to  authenticate  users. 

F5 will look to protect XML and SIP traffic to support Web services and VoIP, says Erik Giesa, vice president of product management and marketing for the company. It also is looking to add WAN-acceleration technology to its platform and to produce a software developers’ kit to encourage the creation of self-securing applications that could block traffic when they discover breaches. To do this, the application would tie into software governing F5’s Big IP application switch to cause a rule change within Big IP that would block suspect traffic.


Things to know about Web-application firewalls

While they protect applications from such exploits as buffer overflows and format string attacks, application firewalls are a targeted defense mechanism that doesn’t solve all Web security problems. For instance, they:

• May require the tweaking of certain Web apps or Webified client/server apps to work properly.

• Can't replace traditional network-layer firewalls or intrusion detection/prevention systems.

• May need reconfiguration to deal with attacks against newly discovered application vulnerabilities.

• Can work independently of load balancers and application switches.

• May not meet regulatory demands for data protection.

Imperva plans to develop auditing and assessment tools that help customers comply with such regulations as the payment-card industry standard, the Health Insurance Portability and Accountability Act and the Sarbanes-Oxley Act for protecting private information, says Shlomo Kramer, Imperva CEO.

Protegrity  expects  to  blend  its 
database  security  gear  with  the 
application-protection  software  it 
got  with  Kavado,  says  Jeannine 
Bartlett,  vice  president  of  product 
strategy  and  development  for 
Protegrity.  “Our  releases  in  the 
coming  year  are  directed  at  back¬ 
end  reporting,  statistics,  metrics, 
mapping  specific  applications  to 
customers’  various  needs  to  com¬ 
ply  with  regulators.  That’s  what 
larger  corporations  are  really 
looking  for,” she  says. 

All this activity marks a coming-of-age for application firewalls, Whiteley says. Most of these devices stem from reverse-proxy technology in which traffic to Web servers is terminated by the proxy and passed on to the servers in a separate session, and then the server response is proxied. While the traffic is proxied, the device looks at it to determine whether it represents an attempt to exploit application vulnerabilities.

Vendors didn’t sell many of these boxes, says Whiteley, who estimated revenues per company topped out at $10 million per year. But because they occupy the same spot in the network as application switches and load balancers/application accelerators, it makes sense to integrate them, he says.

Some customers have bought application switches as separate devices that they deploy in tandem with load balancers. For instance, Baker Hill, a financial-services application service provider in Carmel, Ind., has deployed a Teros (now Citrix) application firewall in front of an F5 Big IP appliance, which sits in front of Microsoft IIS servers, says Eric Beasley, the firm’s senior network administrator.

Customers demanded the application firewall be installed, he says. “As we marketed to larger financial institutions, they looked at that architecture and said it’s Microsoft. I see Nimda, I see Code Red, I see all these problems. We won’t do business with you unless you put some kind of a reverse proxy in front of that environment,” he says. “We have clients who say in their contracts if that ever gets removed, we break our contract with you. It’s that important.”

Pacific Northwest National Laboratory, which does work for the U.S. Department of Energy, uses a NetContinuum application firewall to protect its Web applications, says Mark Hadley, a research scientist in the laboratory’s cybersecurity group.

This sometimes requires reworking applications so they can get through, Hadley says. For instance, if a certain field in an application protocol uses a character that also is used in the Web application URL, such as a forward slash, it could represent a vulnerability that an attacker could exploit. The options are to let the traffic through unexamined or rewrite the application to get rid of the ambiguity, Hadley says. So users should be prepared for possible work on their applications.

Hadley recommends setting up a test environment to run applications through before they are deployed to identify and remedy such glitches.
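The pre-deployment check described above can be scripted. The following is an added example, not code from the article or from any vendor named in it: it replays constructed known-good requests through a hypothetical firewall rule that rejects URL path characters inside parameter values, reports the fields that would be blocked, and shows the same requests passing once the application is reworked. The rule, field names and URLs are assumptions.

```python
"""Pre-deployment dry run: which legitimate requests would a strict
application-firewall rule block? The rule, field names and sample
requests are constructed for illustration."""
import base64
from urllib.parse import urlsplit, parse_qsl, urlencode

# Hypothetical firewall policy: characters that carry meaning in a URL
# path are not allowed inside parameter values.
URL_STRUCTURE_CHARS = {"/", "\\"}


def inspect(url):
    """Return (field, char) findings for one request URL.

    parse_qsl percent-decodes the values, as the server behind the
    proxy will; checking only the raw bytes would miss %2F.
    """
    findings = []
    query = urlsplit(url).query
    for field, value in parse_qsl(query, keep_blank_values=True):
        for ch in sorted(URL_STRUCTURE_CHARS):
            if ch in value:
                findings.append((field, ch))
    return findings


def dry_run(requests):
    """Replay known-good requests; return those the rule would block."""
    report = {}
    for name, url in requests.items():
        findings = inspect(url)
        if findings:
            report[name] = findings
    return report


def encode_field(value):
    """Application-side rework: carry the value as URL-safe base64, whose
    alphabet contains no URL structure characters."""
    return base64.urlsafe_b64encode(value.encode()).decode().rstrip("=")


def decode_field(token):
    """Server-side inverse of encode_field (restores stripped padding)."""
    padded = token + "=" * (-len(token) % 4)
    return base64.urlsafe_b64decode(padded).decode()


BASE = "https://app.example.test/report"  # constructed host and path

# Constructed traffic as the application sends it today.
SAMPLE_REQUESTS = {
    "lookup by id": BASE + "?" + urlencode({"account": "10442"}),
    "date filter": BASE + "?" + urlencode({"from": "12/05/2005"}),
    "unit code": BASE + "?" + urlencode({"unit": "NW/ENG"}),
}

# The same requests after the application is reworked: the date uses a
# separator with no URL meaning, the free-form code is encoded.
REWORKED_REQUESTS = {
    "lookup by id": SAMPLE_REQUESTS["lookup by id"],
    "date filter": BASE + "?" + urlencode({"from": "2005-12-05"}),
    "unit code": BASE + "?" + urlencode({"unit": encode_field("NW/ENG")}),
}

if __name__ == "__main__":
    for label, traffic in (("current", SAMPLE_REQUESTS),
                           ("reworked", REWORKED_REQUESTS)):
        blocked = dry_run(traffic)
        print(f"{label}: {len(blocked)} of {len(traffic)} requests blocked")
        for name, findings in blocked.items():
            for field, ch in findings:
                print(f"  {name}: field {field!r} contains {ch!r}")
```
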

Whiteley says this type of complexity may push some customers to deem application firewalls too complex to deploy, especially if their applications aren’t critical to the business.

As vendors carry out their plans to integrate application firewalls in the same device with application switches and create software tools to make them easier to configure, more business customers will use them, Whiteley says. “It will hit mainstream adoption in another nine to 12 months,” he says.


HP set to unveil mgmt. dashboard


BY  DENISE  DUBIE 

HP this week is set to share details on its latest OpenView offering, which promises to help organizations better track application performance by delivering different statistics to people with different jobs.

HP OpenView Dashboard 1.0 software is designed to enable IT and business staff members to create a portal to display data or statistics they would typically monitor through multiple third-party systems.

The software includes server-based portal technology and a workstation-based modeling agent. Users can point and click to add services and systems to portal views.

Using technology acquired with Talking Blocks in 2003, HP integrated parts of its Management Integration Platform (MIP) into Dashboard to enable the software to request information and accept data from multiple third-party systems.

For instance, Dashboard, using the open interfaces established in MIP, can ask a Remedy or Peregrine trouble-ticketing system for data to display in the portal for a service support manager. The software also can subscribe to Microsoft update or Symantec security Web sites to incorporate information from them. For example, the system will collect data and alert IT managers automatically if their services are experiencing problems, rather than managers having to check multiple monitors. HP says the software will support an unlimited number of service views.

James  Maas,  network  monitoring  engineer  at  Fresenius  Medical  Care 
in  Lexington,  Mass.,  got  a  peek  at  the  product  last  year  when  he  was 
employed  at  Yahoo,  which  beta  tested  the  software.  Maas  also  heads  up 
the  New  England  Chapter  of  OpenView  Forum,  an  independent  user 
group  for  HP’s  management  software.  He  says  the  software  will  ease  the 
pain  of  monitoring  for  multiple  IT  professionals  as  well  as  service  and 
business  managers. 

“Each person has a different role when they are monitoring. Instead of each of us having to go and check multiple systems and pull up different stats to see if everything is performing as expected, this software will send an alert notifying you that something is wrong and you can drill down from there,” Maas says. “I’m really going to push to bring it in here because it would help with our bandwidth monitoring and other services.”

Jean-Pierre  Garbani,  a  vice  president  with  Forrester  Research,  says 
Dashboard  will  help  users  incorporate  more  automation  into  their 
daily  monitoring  and  could  speed  time  to  resolution. 

“This is a dashboard that represents a certain process, or modeled service, and for each element of the process it will deliver indicators that can be captured to help determine the overall performance,” he says. “It can show this data in real time through one pane.”

HP OpenView Dashboard 1.0 will compete with IBM Tivoli Enterprise Portal, which IBM developed with its acquired Candle technology. Pricing starts at $60,000, and the software is scheduled for general availability in the first quarter of next year.




20  •  www.networkworld.com  •  12.5.05 


Anti-offshoring  legislation  heats  up 


The  paper  chase 


There  are  hundreds  of  bills  in  state  legislatures  that  are 
intended  to  curb  offshoring  or  make  it  less  profitable.  Here 
are  a  few  examples: 


•  California/Bill 3069. Intent: Expresses intent of legislature to give preference to California companies for state contracts. Status: In committee.

•  California/Bill 3021. Intent: Requires companies to report the number of employees in California, in the U.S. and worldwide. Status: In committee.

•  Massachusetts. Intent: Prohibits outsourcing state contract work outside the U.S. Status: Passed both legislative bodies, waiting for governor’s signature.

•  Virginia/Bill 151. Intent: Gives 20% price preference for state procurement to U.S. companies. Status: In committee.

•  Washington/Bill 3178. Intent: Prohibits state contract work from being performed outside the U.S. Status: In committee.


BY NANCY WEIL, IDG NEWS SERVICE

Bills that would severely limit offshoring were introduced this year in almost all 50 states as well as in the U.S. Congress, and there is no indication that legislative efforts are easing up.

Most of the bills that have become law seem to lack teeth and in some cases have had negative consequences. A few states, for example, had to pay millions of dollars more to move call center contracts back to the United States. But lobbying efforts to pass stronger legislation appear to be intensifying.

“On the state level, these efforts will continue,” says Stuart Anderson, executive director for the National Foundation for American Policy (NFAP).

Service and blue-collar workers have mobilized to support laws restricting offshoring. Rescue American Jobs has a legislation tracker on its Web site, and says its mission is to build the “largest American workforce mobilization in history” as a response to outsourcing and offshoring. The group contends that offshoring is a consequence of executive greed and urges its members to action.

At the other end of the spectrum is the Technology CEO Council, a group of leading IT companies, including Dell, Intel, IBM and Motorola. The group’s Web site lists “10 common myths about worldwide sourcing.” It includes a statistic that even some in the anti-offshoring movement will acknowledge: Forrester Research has forecast the number of outsourced U.S. jobs to reach 3.3 million by 2015, which translates to about 250,000 layoffs annually, according to Lael Brainard and Robert Litan of the Brookings Institution.

But these figures need to be considered in context. “It is small relative to total U.S. employment of 137 million and accounts for less than 2% of the roughly 15 million Americans who involuntarily lose their jobs each year,” the council wrote.

At the federal level, NFAP’s Anderson expects to see continued efforts by lawmakers to curb offshoring and outsourcing by introducing amendments to pending legislation. Last year, two amendments that would have restricted outsourcing of federal government work and the use of federal funds in states that permit offshoring were passed by the Senate, but were dropped by conference committees.

Anderson expects legislators will turn to data-privacy and identity-theft issues to stem the export of call centers and other jobs.

“It really only takes one state to pass a bill, for example on limiting data being sent overseas, to completely interfere with a whole range of industries that rely on being able to send data across a border,” he says.

In cases where state legislation has been approved and taken effect, negative consequences have sometimes occurred, with two of the most-cited examples being in New Jersey and Indiana. A New Jersey measure to create 12 call center jobs in the state wound up costing $900,000 more than offshoring the center, according to Anderson in an analysis he wrote titled “Creeping Protectionism.” Other policy analysts note that in Indiana the cancellation of a state contract for a call center for unemployment services was expected to lead to unemployed residents having fewer services.

The NFAP tracks bills that have been introduced. It counted more than 112 in at least 40 states in the first quarter of the year. Most bills have been referred to committees, some are stalled, some have been killed and only a handful have passed.


HP  bolsters  utility  services 


BY  TOM  KRAZIT,  IDG  NEWS  SERVICE 

HP last week introduced several utility computing services that will cater to companies looking for a way to handle rapidly changing demands for computing resources.

HP’s new Infrastructure Provisioning Service (IPS) and Application Provisioning Service (APS) provide extra computing power to businesses that don’t want to deploy servers just to handle temporary surges in demand, says Brian Fowler, utility services global director for HP.

Utility computing allows customers to tap into a pool of computing resources hosted by a provider. IBM and Sun also offer or are developing similar services.

Some customers, such as animation giant PDI/Dreamworks, face cyclical demand for computing resources tied to certain events, such as the release of movies. In the past, these companies would have to purchase and maintain sufficient computing resources to handle those peaks in demand, but that capacity would sit idle most of the time, Fowler says.

Dreamworks has been working with HP on utility computing services for about three years, says Mike Kiernan, head of systems infrastructure for PDI/Dreamworks, the Glendale, Calif., animation arm of Dreamworks movie studio. Computer-generated movies such as “Shrek 2” and “Madagascar” were created using early versions of HP’s flexible computing services, he says.

PDI/Dreamworks faces strict production deadlines, and HP’s services allow Dreamworks’ artists to take advantage of additional computing resources to make sure they get the color or movement of characters exactly right, Kiernan says. Without the extra capacity, PDI/Dreamworks would have to reallocate computing resources dedicated to future films to handle the current problem, delaying the production of upcoming films, he says.

HP’s services let customers send their data for processing to HP data centers in Paris and Houston, says Norman Lindsey, architect of HP’s utility computing services. The data can be compressed and encrypted for transport over the Internet, or larger data sets can be physically mailed to those HP centers, he says.

With the basic IPS, customers can choose the type of HP server that will process their data, Fowler says. Basic processing on 32-bit processors from Intel costs 55 cents per processor, per hour, while servers based on Intel’s Itanium processor are available for $1.50 per processor, per hour. Servers based on Advanced Micro Devices’ 64-bit chips or Intel’s 64-bit x86 processors are priced in between those two endpoints, he says. The IPS and IPS+ offerings are available now, while the APS offering is scheduled to be released in the first half of next year, Fowler says.


NETWORKWORLD

EDITORIAL  DIRECTOR:  JOHN  GALLANT 
EDITOR  IN  CHIEF:  JOHN  DIX 

■  NEWS 

EXECUTIVE  EDITOR,  NEWS:  BOB  BROWN 
NEWS  EDITOR:  MICHAEL  COONEY 
NEWS  EDITOR:  PAUL  MCNAMARA 

■  NET  INFRASTRUCTURE 

SENIOR  EDITOR:  JOHN  COX  (978)834-0554 

SENIOR  EDITOR:  TIM  GREENE 

SENIOR  EDITOR:  PHIL  HOCHMUTH 

SENIOR  EDITOR:  ELLEN  MESSMER  (941)  792-1061 

■  ENTERPRISE  COMPUTING 

SENIOR  EDITOR:  JOHN  FONTANA  (303)  377-9057 
SENIOR  EDITOR:  DENI  CONNOR  (512)  345-3850 
SENIOR  EDITOR:  JENNIFER  MEARS  (520)  818-2928 

■  APPLICATION  SERVICES 

SENIOR  EDITOR:  CAROLYN  DUFFY  MARSAN. 

(317)  566-0845 

SENIOR  EDITOR:  ANN  BEDNARZ  (612)  9264)470 

SENIOR  EDITOR:  DENISE  DUBIE 

SENIOR  EDITOR:  CARA  GARRETSON  (240)  2464)098 

■  SERVICE  PROVIDERS 

SENIOR  EDITOR:  DENISE  PAPPALARDO, 

(703)  768-7573 

MANAGING  EDITOR:  JIM  DUFFY  (716)  6554)103 

■ NET.WORKER

MANAGING  EDITOR:  JOHN  DIX 

■ COPY DESK/LAYOUT

MANAGING  EDITOR:  RYAN  FRANCIS 
SENIOR  COPY  EDITOR:  JOHN  DOOLEY 
COPY  EDITOR:  TAMMY  O'KEEFE 
COPY  EDITOR:  BOB  SPRAGUE 
COPY  EDITOR:  CAROL  ZARROW 

■  ART 

DESIGN  DIRECTOR:  TOM  NORTON 
ART  DIRECTOR:  BRIAN  GAIDRY 
SENIOR  DESIGNER:  STEPHEN  SAUER 
ASSOCIATE  DESIGNER:  ERIC  ANDERSON 

■  FEATURES 

FEATURES  EDITOR:  NEAL  WEINBERG 

SENIOR  MANAGING  EDITOR,  FEATURES:  AMY  SCHURR 

OPINIONS PAGE EDITOR: SUSAN COLLINS

■  CLEAR  CHOICE  TESTS 

EXECUTIVE  EDITOR,  TESTING:  CHRISTINE  BURNS. 

(717)  243-3686 

SENIOR  EDITOR,  PRODUCT  TESTING:  KEITH  SHAW. 

(508)  49045527 

LAB  ALLIANCE  PARTNERS:  JOEL  SNYDER.  Opus  One; 
JOHN  BASS,  Centennial  Networking  Labs:  BARRY 
NANCE,  independent  consultant;  THOMAS 
POWELL,  PINT;  Miercom;  THOMAS  HENDERSON, 
ExtremeLabs;  TRAVIS  BERKLEY,  University  of 
Kansas;  DAVID  NEWMAN,  Network  Test; 

CHRISTINE PEREY, Perey Research & Consulting;
JEFFREY FRITZ, University of California, San
Francisco; JAMES GASKIN, Gaskin Computing
Services,  MANDY  ANDRESS,  ArcSec;  RODNEY 
THAYER,  Canola  &  Jones 

CONTRIBUTING  EDITORS:  DANIEL  BRIERE,  MARK  GIBBS, 
JAMES  KOBIELUS,  MARK  MILLER 

■ NETWORKWORLD.COM

EXECUTIVE EDITOR, ONLINE: ADAM GAFFIN
MANAGING EDITOR: MELISSA SHAW
SITE  EDITOR:  JEFF  CARUSO,  (631)  584-S829 
ASSOCIATE  ONLINE  NEWS  EDITOR:  LINDA  LEUNG 
(510)  768-2808 

MULTIMEDIA  EDITOR:  JASON  MESERVE 
SENIOR  ONLINE  COPY  CHIEF:  SHERYL  HODGE 
SENIOR  ONLINE  GRAPHIC  DESIGNER:  ZACH  SULLIVAN 

■  SIGNATURE  SERIES 

EDITOR:  BETH  SCHULTZ,  (773)  2834)213 
EXECUTIVE EDITOR: JULIE BORT (970) 482-6454
COPY  EDITOR:  TAMMY  O'KEEFE 

EDITORIAL  OPERATIONS  MANAGER:  CHERYL  CRIVELLO 
OFFICE  MANAGER,  EDITORIAL  GLENNA  FASOLD 
EDITORIAL  OFFICE  ADMINISTRATOR:  PAT  JOSEFEK 
MAIN  PHONE  (508)  460-3333 
E-MAIL first name_last name@nww.com


Short Takes


■ Radware last week announced plans to purchase intrusion-prevention-system vendor V-Secure for $15 million. The V-Secure acquisition gives Radware a pure intrusion-prevention and -detection technology to run on its Layer 4-7 switch hardware and appliances. Radware’s security switches identify the traffic patterns of common denial-of-service attacks and other attack methods, using its hardware-based Layer 4-7 packet inspection engines and security software for identifying malicious traffic. The company says it will integrate V-Secure’s IPS software into its DefensePro line of intrusion-prevention and -detection hardware, as well as its new APSolute Operating System software, which runs on Radware appliances. Products based on the operating system include gear for optimizing WAN traffic, load-balancing applications and security products. V-Secure makes IPS software called Adaptive Smart Dynamic Filter, which scans network traffic and cuts off packets it identifies as anomalous or suspicious, based on the network’s common traffic patterns and usage.


Vendors  mix  voice,  mobile  tools 


BY  PHIL  HOCHMUTH 

Avaya and Symbol Technologies last week announced a product partnership aimed at delivering mobile IP telephony and computing to healthcare and retail customers.

Avaya’s IP Softphone client has been fine-tuned to work with Symbol’s Voice Quality Manager (VQM) software on its MC50 line of Windows CE-based handheld PCs, letting users run IP telephony messaging and other mobile applications, supported by a Symbol wireless LAN (WLAN) and Avaya IP PBX and messaging servers.

The key piece of software in the product package is VQM, which provides echo cancellation and WLAN traffic QoS for the device, letting Avaya’s IP Softphone client operate without interruptions from WLAN interference, performance problems from traffic congestion or cases where end users move out of 802.11 radio range, the vendors say.

The  MC50,  Symbol’s  currently  available 
enterprise  digital  assistant,  is  aimed  at  cor- 

See  Partnership,  page  26 


Wireless  convergence 


Symbol’s wireless LAN architecture and Avaya’s IP telephony hardware and software can support converged applications and desktop-quality telephony on mobile devices, the vendors say.

•  A Windows-based Symbol MC50 enterprise PDA, running Symbol’s QoS software, supports Avaya’s IP Softphone application by providing echo cancellation and voice-traffic prioritization. Symbol WLAN infrastructure enforces QoS and provides roaming connection handoffs.

•  Back-end Avaya IP PBX and messaging servers provide full phone features and applications such as unified messaging to mobile clients.


Check  Point  offers  security  appliances 


■ Netgear has agreed to settle a class-action lawsuit accusing the company of inflating the data speeds of its Wi-Fi network devices in advertising materials. Netgear, in a Nov. 23 filing with the U.S. Securities and Exchange Commission, has agreed to pay $700,000 to settle the lawsuit initiated in June 2004. A second lawsuit, filed in February, was voluntarily dismissed in favor of the 2004 lawsuit. Under the terms of the settlement, customers who purchased Netgear wireless devices between January 1999 and this month will be eligible for a 15% discount on the purchase of a new wireless device. The settlement must be approved by the Santa Clara County Superior Court in California. Netgear disputes the claims made in the two lawsuits and does not “admit any liability whatsoever,” according to the settlement agreement filed with the SEC.


BY  TIM  GREENE 

Check  Point  has  expanded  its  small- 
and  midsize-business  offerings  with  two 
multifunction  security  appliances  for 
corporate  settings  with  many  small  sites 
that  can  be  managed  remotely  in  large 
numbers. 

Called Safe@Office 500 and 500W, the devices add intrusion prevention and content filtering to earlier Safe@Office models. They also include a firewall or VPN and gateway anti-virus software.

The devices are based on Check Point’s enterprise-class VPN-1, Firewall-1 and Application Intelligence software, and support the company’s Secure Remote desktop client, which can be downloaded from the device. They compete against low-end boxes from Watchguard Technologies, SonicWall, Juniper Networks and others.

Check Point includes support for a separate hot-spot security zone in the 500W appliance so it can be used in a retail setting, for example, where store owners want to offer customers Internet access but keep that traffic segregated from business traffic.


Check Point Safe@Office 500 and 500W multifunction security appliances for small and midsize businesses support firewall, VPN, antivirus, intrusion detection and URL filtering.

The device supports WPA 2 wireless security.

The intrusion-prevention software can scan for specific protocols to block peer-to-peer and instant-messaging traffic. The devices support up to 10 virtual LANs (VLAN).

Each device can be bought in a standard configuration or with a power-pack add-on. The power pack includes the secure hot-spot wireless feature, VLAN and dynamic routing support, and a high-availability port to let customers tie two boxes together so one can take over if the other fails. The power pack also boosts the firewall or VPN throughput from 100M and 20M bit/sec to 150M and 30M bit/sec, respectively. It also increases the number of simultaneous remote-access VPN connections on base models from five to 25, the number of site-to-site connections from two to 15 and the number of managed VPN tunnels from 10 to 100.

The basic models are suitable for corporate settings that need remote access, such as retail stores making calls to check on credit card information or inventory, says Peter Cresswell, national practice manager for security services at Bell Business Solutions in Canada. The company uses the Check Point appliances to support its Managed Security Service, he says.

The  power-pack  options  are  more  suited 
to  a  small  business  with  fewer  than  200 
employees  that  uses  the  device  for  its  main 
See  Checkpoint,  page  26 
The need for (enough) speed


TOLLY  ON  TECHNOLOGY 

Kevin  Tolly 


As we progress through each year, one thing is certain — network gear gets faster. Sometimes the increase manifests itself by a move up the Ethernet speed ladder, from 100 to 1,000 or now 10,000M bit/sec. Other times it is marked by faster look-up engines or greater port capacity. In any case, the network vendor’s mantra seems to be: You can never be too fast or have too many ports. But that is starting to change.

This year we’ve conducted validation projects for a series of vendors of security infrastructure and server load-balancers where the focus on enough speed and enough bandwidth — enough to meet or exceed the WAN or LAN access bandwidth that the prospective customer had available to drive the infrastructure gear — was of paramount importance.

To  paraphrase  a  vendor  CTO: 
Why  do  you  need  to  buy  a  Gigabit- 
throughput  perimeter  security 
device  if  your  broadband  access 
link  will  never  exceed  100M 
bit/sec?  This  fact  is  nothing  new. 
We’ve  seen  it  when  vendors  pro¬ 
viding  VPN  solutions  to  customers 
running  T-l  links  would  fight  over 
performance  —  one,  say  capable 
of  50M  bit/sec  and  the  other  of 
70M  bit/sec.  Both  solutions  repre¬ 
sented  such  overkill  to  the  measly 
1.5M  bit/sec  delivered  by  the  T-l 


that  a  comparison  was  academic. 

Vendors  now  seem  to  recognize 
the  obvious  —  that  their  devices 
can  be  placed  effectively  in  a  vari¬ 
ety  of  configurations,  that  the  key 
element  of  that  configuration  is 
going  to  be  the  access  bandwidth, 
and  that  this  can  vary  exponen¬ 
tially  (T-l  to  Fast  Ethernet  to  Giga¬ 
bit  Ethernet)  among  customers 
that  are  in  the  same  class. 

A  build-to-fit  approach  makes 
both  practical  and  economic 
sense.  Being  able  to  buy  a  box 
guaranteed  to  deliver  100M  bit/sec 
—  or  1G  bit/sec  —  at  an  appropri¬ 
ate  price  is  attractive  to  prospec¬ 
tive  customers.  Interestingly  ven¬ 
dors  take  different  approaches 
when  delivering  this  bandwidth- 
oriented  solution. 

Some  use  these  calibrated 
bandwidth  and  throughput  deliv¬ 


ery  levels  to  select  the  bill  of 
materials  for  the  box  —  the  com¬ 
ponents  used  to  construct  the 
appliance.  Knowing  the  target 
performance  levels,  it  is  much 
easier  to  right  size  the  compo¬ 
nents  by  avoiding  buying  an 
overly  powerful  (and  overly 
expensive)  network  processor 
and  other  components  that  affect 
the  build  cost  and,  ultimately  the 
customer’s  price.  Customers  can 
then  buy  the  model  that  suits 
their  environment. 

Others  take  what  can  be  called 
a  lock-and-load  —  or  perhaps 
load-and-lock  —  approach.  They 
build  a  single  box  that  can  deliver 
at  a  variety  of  performance  levels 
and  use  license  keys  to  lock  it  to  a 
certain  level.A  given  box  might  be 
able  to  perform  up  to  1G  bit/sec 
but  will  only  do  so  when  the 


appropriate  license  key  is  pur¬ 
chased  and  applied. 

The  obvious  upside  to  such  an 
approach  is  that  customers  can 
develop  their  environment  with¬ 
out  the  proverbial  forklift  up¬ 
grade.  On  the  other  hand,  one 
wonders  whether  one  might  be 
overpaying  for  powerful  process¬ 
ing  that  cannot  be  used  (without 
the  upgrade)  and  might  not  be 
necessary  to  use. 

So  as  you  look  at  your  intrusion, 
encryption,  load-balancer  and 
other  edge  infrastructure,  keep 
your  need  for  speed  —  now  and 
in  the  future  —  in  mind. 

Tolly  is  president  of  The  Tolly 
Group,  a  strategic  consulting  and 
independent  testing  company  in 
Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


Partnership 
porate users. Longer battery life, voice support through its VQM software and integrated Wi-Fi are part of this business-focused package.

The Avaya Softphone client for the MC50 lets users have an extension on an Avaya PBX or IP-enabled legacy PBX, just like wired desktop digital or IP phones in an office or cubicle. The Avaya software includes all functions of an Avaya business telephone, with access to features through MC50 keypad shortcuts. A USB headset connected to the device is used to communicate.

The product package is designed to use Symbol’s WLAN switching infrastructure, which consists of its WS5100 Wireless Switch and AP300 Access Point products. Similar to offerings from Cisco, Trapeze Networks, Aruba Wireless Networks and others, Symbol’s equipment consolidates the management and security of WLAN access points on the WS5100 switch, and uses the AP300s as network-attached radios.

Voice over WLAN (VoWLAN) is a hot topic at industry trade shows and in telephony and infrastructure vendor pitches, says Jeff Snyder, a senior analyst with Gartner.

“There’s a great deal of interest but not a lot of deployment outside a few vertical industries, because it takes a great deal of reengineering of the network to support [wireless VoIP] properly,” Snyder says.

Technologies such as Symbol’s VQM, which take care of WLAN handoffs, QoS and voice packet processing, could spur adoption of Wi-Fi voice by making it simpler to deploy.

Symbol also will join Avaya’s DeveloperConnection program, in which Avaya and Symbol engineers will design jointly developed voice and wireless technologies for enterprises.

Symbol is Avaya’s third major WLAN partner in mobile IP telephony. The VoIP vendor also has a partnership with Proxim, which Avaya uses in its Wi-Fi VoIP/cellular hand-off product offering — along with handset maker Motorola. Extreme Networks, Avaya’s largest network infrastructure partner, also offers a complete WLAN product lineup.

Avaya’s broad partnering allows a broader potential customer base, Snyder says. “You won’t see any vendors getting locked up with each other in exclusive deals” in the mobility and Wi-Fi voice markets, he adds. “No one has to get rid of [their WLAN infrastructure] to run Avaya IP voice.”

The Symbol/Avaya product package is available from select Symbol/Avaya resellers and integration partners, who set pricing on an individual customer basis, according to the two vendors. ■


Northrop  Grumman  to  deliver 
IP  conferencing  net  to  DoD 


BY  PHIL  HOCHMUTH 

The U.S. Department of Defense last week picked Northrop Grumman to build its $51 million IP videoconference network, based on hardware and software from Cisco and Radvision, network services from AT&T and technology from other partners.

The network project was awarded by the Defense Department’s Defense Information Systems Agency (DISA). Northrop Grumman will install the DISA’s Defense Video System Version II (DVS-II) network, which upgrades the current network from digital to IP video and audio conferencing. The DISA provides communications technology for the White House, the secretary of defense and the Joint Chiefs of Staff.

DVS-II will be built on Cisco’s IP Video Conferencing (IPVC) 3540 Multipoint Control Unit and MeetingPlace IP voice/video conferencing software. Radvision’s iView multimedia conferencing middleware, which integrates applications such as Microsoft Office, is another large part of the infrastructure.

Radvision says the deal will be worth $6 million to $8 million in software and services, and Cisco would not say how much of its IP video hardware, software and services are involved.

DVS-II will provide “a key set of tools to enhance the Department of Defense’s network-centric operations” and allow U.S. military organizations to communicate better during combat, said Otto Guenther, vice president and general manager of Northrop Grumman’s Tactical Systems Division.

In addition to the Cisco/Radvision components, Northrop Grumman will use AT&T network services, along with services and support from IT companies FC Business Systems, CritiCom and Netconn Solutions.

While Cisco is helping build the Defense Department’s video network, it’s also going after video technology in living rooms. The network giant recently announced plans to acquire Scientific-Atlanta in a deal valued at $6.9 billion. ■


Checkpoint


firewall, Cresswell says. When used in conjunction with Check Point’s Security Management Platform, a corporation could deploy security to branches where there is no onsite IT staff, he says. Bell Business Solutions preconfigures its Check Point appliances and ships them to customers for installation. The devices then connect to the management platform in Bell’s network, he says.

Check Point also is introducing two update services for anti-virus and intrusion-prevention signatures and content filtering.

Standard models of Safe@Office 500 cost $300 ($500 for the wireless version) for five users to $1,000 ($1,150 for the wireless version) for unlimited users. Service packs cost an extra $500 each.

Anti-virus and intrusion-prevention services cost $180 to $450, depending on the number of users, and content filtering costs $50 to $300, also depending on the number of users.

The two boxes and services are available this month. ■


ENTERPRISE COMPUTING

■ WINDOWS ■ LINUX ■ UNIX ■ SERVERS ■ STORAGE ■ GRID/UTILITY ■ MOBILE COMPUTING

Open source firm to challenge VMware


Virtual growth

While VMware now leads the fast-growing x86-based server virtualization software market ... newcomers such as XenSource, which are lumped into the “other” category, are picking up steam.

[Chart: revenue (in millions), 2002 to 2004]

2003 to 2004 revenue growth

EMC/VMware: 131%
IBM: 7.4%
Microsoft: 32%
Other: 92.4%

SOURCE: IDC SOFTWARE MARKET FORECASTER, JUNE 21


BY JENNIFER MEARS

XenSource, the company founded to provide support and maintenance for the open source Xen virtual-machine monitor, is releasing its first commercial product, a set of tools that the company says will make it easier to virtualize servers.

Called XenOptimizer, the product is in beta for the latest release of Xen, a community-developed program that provides an alternative to commercial offerings from VMware and others.

XenSource is expected to announce this week that XenOptimizer will be generally available in the first quarter of next year, says CTO Simon Crosby. Pricing has not been released.

XenSource also plans to announce general availability of Xen 3.0, the first major release of the software in more than a year.

Xen 3.0 brings a number of updates, including support for as many as 32-way symmetric multiprocessor virtual machines and expanded memory support for workloads with large memory demands. The new version also supports Intel’s VT virtualization technology and is expected to support Advanced Micro Devices’ (AMD) hardware-based virtualization technology early next year, which will enhance CPU and memory virtualization and will enable Xen to run under all operating systems, Crosby says.

Today Xen supports only Linux on x86, though the Xen project at the University of Cambridge in England is working on porting Xen to HP Itanium servers, as well as to PowerPC-based systems from IBM. Sun recently demonstrated Solaris x86 virtual servers running on Xen.

Xen backers say the software provides better performance at a lower cost than VMware, because it virtualizes operating systems at the kernel. That requires some modification to operating systems, but both Red Hat and SuSE say they will include support for Xen in their upcoming operating-system releases.

Still, even as Xen — developed by a group that includes AMD, Dell, HP, IBM and Intel — gains broader support, it has a tough road ahead in the fast-growing virtual machine market, analysts say.

“Xen’s market is a good one for them to be aimed at, but there is a huge gorilla [in VMware] they’re competing with that is gaining weight fast,” says Charles King, principal analyst at Pund-IT Research. “They claim to be offering a real significant price/performance benefit, which could increase the uptake of Linux servers.”

For enterprises, the question is how big their Linux presence is and what kind of open source expertise they have to support a Xen rollout, he says. XenSource hopes the introduction of XenOptimizer will help alleviate the expertise concern.

“Xen the open source product is a pretty raw technology ... Until now, the majority of deployments have been by people who are Linux experts and have developed their own solutions to roll it out,” Crosby says. “What [XenOptimizer] provides is all the wrapping around Xen that one would need to actually go off and deploy in a normal enterprise environment.”

XenOptimizer provides a dashboard view of virtualized resources, enabling customers to monitor and manage a Xen-based virtual environment from a single location, Crosby says. The software doesn’t plug into higher-level management tools, such as HP OpenView or IBM Tivoli, though XenSource plans to add that type of support next year, he adds.

Andi Mann, senior analyst, systems management, at Enterprise Management Associates, says XenOptimizer will be an important factor in determining how Xen fares in corporate data centers.

“But every time you introduce a new technology, you introduce a management shift,” Mann says. “With something like XenOptimizer, it becomes a lot easier to manage, and that’s critical not just to acceptance, but also to what kind of real returns businesses will get out of virtualization.” ■


Nokia pushes harder for enterprise mobility

BY JOHN COX

Nokia’s recently announced plan to buy Intellisync, a wireless e-mail vendor, for $430 million will give the cell phone giant key software for crafting mobile data applications for business.

Intellisync will be folded into Nokia’s Enterprise Solutions group, headed by former HP executive Mary McDowell. The group, formed in January 2004, is intended to be a key source of growth and revenue for Nokia, as it competes with Good Technology, Research in Motion, Visto and, increasingly, Microsoft, to address needs of customers looking to extend back-end applications and data to mobile devices.

But Nokia has a way to go, says Teney Takahashi, market analyst with the Radicati Group. Enterprise solutions accounted for 3% of Nokia’s 2004 revenue, he says. While the group’s revenue jumped 57% in 2004 compared with general enterprise revenue in 2003, the group’s yearly net loss also increased, by 41%.

Recently the group launched the Nokia Business Center, a push-based e-mail service similar to RIM’s BlackBerry offering.

See Nokia, page 30


Short Takes

■ InMage Systems is adding business-event-based recovery and automated information tiering features to its DR-Scout suite of disaster-recovery software, according to an executive of the company. InMage is expected to announce this month that two large storage-equipment manufacturers will bundle InMage's software with their products, says Kumar Malavalli, CEO and co-founder. With the business-event-based recovery feature, users will be able to bookmark a predefined business event, Malavalli says. In the event of a disaster, the system automatically starts the recovery from the selected business event, he says. The feature is scheduled to start shipping in DR-Scout in the first quarter. By the end of next year, InMage plans to introduce a feature that uses a policy engine to enable data to be moved automatically from primary to secondary or tertiary storage, depending on the priority, importance and age of the data, Malavalli says. This would enable users to save on storage costs by allocating only critical data to more expensive and sophisticated storage. DR-Scout is targeted at the midtier market. The average price of an installation that protects about five servers with about 10T bytes of storage attached is $50,000.
Cerf backs broader Google focus


Internet pioneer Vint Cerf, Google’s chief Internet evangelist, recently spoke with Juan Carlos Perez of IDG News Service, a Network World affiliate, about a variety of topics related to the Mountain View, Calif., search giant. Here is an edited transcript of the conversation.

As Google broadens its menu of services beyond search to areas such as blogging, Web mail, Wi-Fi access, instant messaging and social networking, does it run the risk of losing its focus?

Absolutely not. What’s happening here is the aggregation of a remarkable collection of people, all of whom have a very visceral and strong appreciation for what is possible to do with software and information. They are exploring a variety of ways in which to make these computer-driven tools more useful and cross-functional. The focus isn’t simply on search. It is on making information discoverable and useful, so all of these things you see happening at Google are side effects of expanding on the original paradigm, which was making search an effective tool.

Is it a good strategy for Google to be in the enterprise-search market with products such as the Search Appliance and the Google Mini?

Yes, I’m very excited about the packaging up of Google’s capabilities in a way that can be delivered to an enterprise. The opportunity there is to deliver this capability to a fairly broad range of enterprises from very small to very large. The ability to help people organize information, especially unstructured information, is a very powerful tool.

What do you make of the mash-ups phenomenon, those combination Web sites/Web applications?

I can’t tell you how excited I am about it. We know we don’t have a corner on creativity. There are creative people all around the world, hundreds of millions of them, and they are going to think of things to do with our basic platform that we didn’t. So the mash-up stuff is a wonderful way of allowing people to find new ways of applying the basic infrastructures we’re propagating. This will turn out to be a major source of ideas for applying Google-based technology to a variety of applications.

Most of Google’s revenue comes from paid search ads. Should the company try to diversify its revenue sources?

It is always a good idea to understand how dependent you are on your revenue streams and whether there could be more diversification. However, we have a very long way to go before we have exhausted that segment of [the overall advertising market] that we have reasonable access to. I’m not suggesting complacency at all, but I’m suggesting we have some ways to grow in our current business model on a global scale before diversification becomes an issue.

Since early last year, Google has been involved in a steady stream of controversies, the latest one being publishers' lawsuits over the Google Book Search program. How well do you see Google handling these controversies?

Part of my job is to try to make that better. On the Google [Book Search controversy], I don’t think we explained as carefully as we should have how this was going to work and how we would protect the interest of the publishers. And the publishers have leaped to a conclusion that is not supported by what we’re trying to do. Part of my job is to articulate that more carefully, and I hope we can overcome the concerns that have been expressed. ■


nww.com 

Google  galore 

Go  online  for  more  about  where  Google  is 
headed  and  its  enterprise  network  strategy. 
Get  caught  up  by  viewing  a  Google  timeline 
and  a  list  of  its  offerings. 
Nokia

continued from page 29

But initially this center supports only data-enabled cell phones and other devices using the Symbian operating system.

“Intellisync will strengthen Nokia’s position in the [enterprise] wireless e-mail market and provide Nokia with a solid wireless e-mail platform for [rebranded by] carriers,” Takahashi says.

Radicati projects healthy growth for corporate e-mail in general and wireless e-mail in particular (see graphic, right).

But wireless e-mail is only one part of the enterprise picture.

“What [Nokia] really wanted was the application-integration [capabilities] from Intellisync,” says Jack Gold, principal with J. Gold Associates. “Wireless e-mail will become a commodity. The data that enterprises are really willing to pay for [to access wirelessly] is the data from their SAP, Oracle and other applications.”

Intellisync’s flagship product is its Mobile Suite. A server-based gateway behind the corporate firewall links corporate e-mail servers, such as Exchange and Domino, with a wide range of mobile devices and operating systems. Two other parts of the suite handle device management and provisioning, as well as data and file synchronization.

“In wireless e-mail, most of our deployments are smaller” in size, says Rip Gerber, chief marketing officer for Intellisync. “But we have thousands of seats, sometimes tens of thousands, for our device-management software and our data- and file-synchronization software.”

Rivals downplay the merger. “Intellisync focuses on consumer, ‘prosumer’ and the small-business market,” says Terry Austin, president of Good Technology. Good has been working with Nokia for months on joint engineering and support for the upcoming Nokia Eseries handhelds, which are aimed at business users. “Intellisync doesn’t run a network operations center [as Good does], and as such doesn’t offer the same level of guaranteed service and IT management features that the high-end enterprise segment demands.”

Gerber says Intellisync offers a hosted e-mail service, targeted at small businesses. For large enterprises, it has software based on 126 issued and pending patents that deal with security, device management and the various complexities associated with extending enterprise application data to wireless devices.

Others suggest the merger is not a good fit.

“If you look at Nokia, about 95% of its revenues come from devices or infrastructure” products, says Sanjay Kamble, vice president of marketing for Visto. “You need to be able to partner with the device manufacturers to get early releases so you can support them in your software. Will Nokia actually get early release of [competing] devices from Motorola and Samsung?”

In October, Intellisync unveiled an innovation that hints at what Nokia means by “beyond e-mail.” The new product is called Intellisync Information Bots, or infobots for short, which are small, menu-driven data-access programs, designed to be quickly created with an accompanying development kit and scripting tools. ■


Unwired e-mail

As corporate e-mail keeps growing, more of it is expected to be delivered wirelessly.

[Charts: corporate e-mail traffic worldwide (in millions); installed base of corporate wireless e-mail mailboxes (in millions)]
APPLICATION SERVICES

■ CRM ■ MESSAGING/COLLABORATION ■ WEB SERVICES ■ ERP ■ E-COM ■ NETWORK AND SYSTEMS MANAGEMENT


Mirapoint bolsters messaging server


Research showed that the per-user messaging costs of SMBs can be 10 times those of large companies.

“A box that is plug-and-play is going to be very appealing. You want something [that has] all the capabilities but needs less tinkering,” Osterman says.

The M50, which comes in a 1U form factor, combines e-mail and security with a built-in internal directory based on Mirapoint’s stand-alone Directory Server. Users also can integrate the M50 with Microsoft’s Active Directory. The appliance runs on a Unix-based proprietary operating system and supports both POP and IMAP.

The M50 has a set of policy-based controls, such as outbound and inbound filtering. Users can set policies, such as e-mail aging and storage, that are generated off the internal security functionality or through the mail store. Policies also can be set based on individual users, groups, locations, titles or specific roles.

The appliance features 53G bytes of space that can be expanded to 113G bytes and includes RAID and battery backup for the cache to prevent data loss during a power outage.

Mirapoint competes with CommuniGate, Gordano, Rockliffe, Scalix, IPSwitch and Sendmail.

“We think this is going to fit in the retail space or with the deskless workforce,” says Craig Carpenter, director of corporate marketing and global channels at Mirapoint.

The M50 is available starting at $13,000. User licenses are sold in 100-user bundles. ■


The business cost

More than 50% of small to midsize businesses spend $10 per user, per month to provide messaging services. About 25% say the cost is $30 per user, according to a survey by Osterman Research.


Microsoft partner offers collaboration


Short Takes


■  Mobile  software  vendor  Common- 
Time  last  week  released  mSuite  4.1, 
which  delivers  wireless,  push  Lotus 
Notes  e-mail,  personal-information 
management  and  instant  messaging 
capabilities  to  users  of  devices  that 
run  on  Windows  Mobile  5.0.  Micro¬ 
soft  recently  released  its  Mobile  5.0 
technology,  which  includes  support 
for  push  e-mail  —  except  for  Notes 
—  to  the  Exchange  platform.  With 
mSuite  4.1,  wireless  push  e-mail  can 
be  used  with  Lotus  Notes  advanced 
features  such  as  room/resource 
booking  on  the  Notes  calendar.  The 
software  is  available  now  and  is 
priced  at  $309  per  user. 

■  Symantec  last  week  upgraded 
the  discovery  tool  for  its  Veritas 
Enterprise  Vault  e-mail  and 
instant  messaging  archiving  soft¬ 
ware.  Compliance  Accelerator 
Version  6.0  is  aimed  at  helping 
financial  services  companies  per¬ 
form  supervisory  reviews  of  elec¬ 
tronic  communications  to  assure 
regulatory  compliance.  Compliance 
Accelerator  gives  customers  a 
companywide  review  of  e-mail, 
instant  messages  and  digital  faxes. 
The  package  supports  storage 
hardware  from  EMC,  IBM,  Network 
Appliance  and  others.  The  new  ver¬ 
sion  of  Compliance  Accelerator  is 
available  now.  Pricing  starts  at 
$41,377  for  a  1,000-user  installation 
that  includes  Enterprise  Vault. 

■  SAP  last  week  acquired  Callixa,  a 
San  Francisco  developer  of  enter¬ 
prise  information  integration  soft¬ 
ware.  The  deal  closed  about  three 
months  ago.  SAP  had  not  discussed 
it  publicly  before.  SAP  bought  Callixa 
for  its  distributed  query  processing 
technology.  The  technology  enables 
customers  to  write  a  query  that  can 
be  distributed  among  different  data¬ 
bases  and  other  data  stores,  gather¬ 
ing  information  and  sending  it  back 
to  the  application  in  a  single,  unified 
response.  SAP  currently  licenses  a 
distributed  query  technology  from 
MetaMatrix,  but  wanted  to  embed 
the  technology. 


BY  JOHN  FONTANA 

Messaging  vendor  Mirapoint  this  month 
plans  to  begin  shipping  an  appliance  com¬ 
bining  e-mail,  management  and  security 
that  is  designed  to  help  small  and  midsize 
businesses  simplify  their  infrastructures 
and  reduce  costs. 

The  M50  Messaging  Server  includes  an 
address  book  and  calendaring,  group 
scheduling,  anti-virus  and  anti-spam 
capabilities.  It  works  with  a  Web-browser 
client  or  integrates  with  Microsoft 
Outlook. The  M50  is  intended  to  simplify 
the  infrastructure  that  companies  need 
to  construct  and  manage  to  handle  the 
hordes  of  e-mail  they  receive  and  the 
malicious  attacks  that  e-mail  invites. 
Mirapoint  is  aiming  M50  at  businesses 
with  100  to  500  users. 

“What  they  are  doing  makes  sense,”  says 
Michael  Osterman,  president  of  Osterman 
Research.“The  messaging  needs  of  a  small 
organization  are  almost  as  sophisticated  as 
those  of  a  large  one  but  its  [staff]  resources 
are  much  less.”A  recent  study  by  Osterman 


BY ELIZABETH MONTALBANO, IDG NEWS SERVICE

A Microsoft software partner has launched the beta of a new product that will let users of Microsoft SharePoint Portal Server sites collaborate and share documents and information even when they’re working offline.

Colligo Networks’ Colligo for SharePoint is designed to give offline users full access to SharePoint-based portal sites, says Barry Jinks, president and CEO of Colligo. The company expects to release a full-production version of the software at the end of January.

The new product allows users to view and open SharePoint-based portals even when they are not connected to a network, says Brent Bolleman, strategic marketing manager for Colligo. Users do this by typing in the URL of the SharePoint site they want synchronized locally on their laptop through the Colligo application, which downloads and organizes all of the available content on the site for offline use, he says.

When accessing that information locally, users also can provide updates to the site via their laptops. These updates will be synchronized with the SharePoint site when users are online again, Bolleman says.

Colligo also plans to offer peer-to-peer file sharing capabilities in a future version of its SharePoint product that will let offline users link up and collaborate on projects in real time, according to Bolleman.

The company already has a general flagship product, Colligo Workgroup Edition, that enables users of Windows applications that use shared drives to serve out information via peer-to-peer networks when they’re disconnected from a corporate server, Jinks says.

The company also has an edition of Workgroup that lets customers of IBM’s Lotus Notes application collaborate in real time without needing a connection to a Lotus Domino server. Colligo Workgroup for Lotus Notes also allows users to work in real time offline by establishing peer-to-peer networks among users’ computers so they can share and update information on the fly, Jinks says.

Colligo decided to release a SharePoint product when customers told them that, while Microsoft’s portal is cost-effective and efficient for online collaboration, it lacks a rich offline client for workers who don’t always have access to networks, Jinks says. Cliff Reeves, a general manager of .Net at Microsoft, discussed this problem in a recent blog entry that highlighted Colligo’s work to make SharePoint a better collaborative environment for offline workers.

“Windows SharePoint Services — which offers shared document libraries — has long suffered a technical disadvantage compared to Notes/Domino because it provides no automatic offline and synch support,” Reeves wrote in a September entry on his “Most of the time” blog (www.networkworld.com, DocFinder: 1130). “Auditors using SharePoint will not have a local copy of the SharePoint files unless they copied them manually. However, Colligo now plans a plug-in for SharePoint.”


See  SharePoint,  page  34 
Pity the poor telephone company?

NET INSIDER

Scott Bradner

From a distance it looks like a good time to be a traditional phone company in the United States. The FCC has given these companies an open license to exploit their dominant market positions. The U.S. House and Senate are running down a path to empower them to destroy the Internet. The International Telecommunication Union’s standards division is defining technology that will let phone companies block “free” use of “their” networks by interlopers such as Google and Vonage. Billions of dollars are being spent on takeovers and being poured into deploying new video services. But maybe things are not as rosy as they seem.

I’m writing this just as SBC’s $16 billion takeover of AT&T has been consummated, and as Verizon’s $8.5 billion buyout of MCI is getting the last of the state approvals. That is a lot of money being spent to buy up failing long-distance companies just as the whole concept of long-distance is in its dying days.

If Congress continues on the path it is on, we will soon get a new telecom regime that will let the big telcos and cable companies block third-party use of the Internet connections that their customers buy from them, all in the name of protecting their networks and helping law enforcement. Unless something drastic happens, this will destroy the Internet, at least for most residential and small-business users. But since most residential users think the Internet is just the Web, most of them will not notice unless they have subscribed to non-carrier VoIP services. Small-business owners are likely to notice quite well their reduced options for alternate phone service.

At the same time, the technology that enables the phone companies to offer extensive video services is well-enough developed for them to start widespread deployment and thus have a hook into tens of billions of dollars of cable TV revenue. Sounds like a great time to be a phone company. But things may not be quite as great as they appear.

More and more, residential users are dumping their landline phones in favor of cell phones. Once the cell-phone E911 service becomes generally deployed, many more customers will follow them. The In-Stat research group reports that close to 10% of the U.S. population already uses a cell phone as their primary line, and that over half are willing to consider the option. There goes the cream of the residential phone business — unless you happen to have a wireless division. And even when that is the case, there is a lot of competition, so the profits will be a lot less.

Businesses are moving in droves to VoIP with ZDNet Research reporting that 75% of them have tried it out and 75% of those who adopted it like what they got. And there is no requirement that a business get its VoIP from the carrier that provides its Internet connectivity or even from a carrier at all.

Then there is the video dream. Verizon is spending billions of dollars to bring fiber to the home so that it can offer what residential users already have from cable TV and satellite companies — hundreds of channels with little on them and video-on-demand. The New York Times reports that content owners want more from you phone companies than they get from your competitors, and your competitors can always reduce their fees to match anything you can do.

Maybe it’s not a great time to be a phone company after all.

Disclaimer: It’s (almost) always a great time for Harvard to be Harvard, but the above muse is my own.

Bradner is a consultant with Harvard University's University Information Systems. He can be reached at sob@sobco.com.


SharePoint

continued from page 33

Microsoft has worked closely with Colligo to develop its SharePoint product, according to Reeves and Colligo’s Jinks.

Microsoft plans to enable some offline capability for SharePoint through the next version of Office, code-named Office 12. But Bolleman, who is under a nondisclosure agreement with Microsoft about specific Office 12 features, says that SharePoint offline features offered in the product will be limited. Colligo’s product, however, will keep the organization and design points of SharePoint sites intact when providing offline functionality instead of serving up capabilities in pieces, he says.

Jinks, whose company has about 200 customers, says Colligo’s software is used mainly by large accounting and consulting firms, such as PricewaterhouseCoopers, which have employees at different locations who need to access corporate documents in the field.

Colligo has not released pricing for Colligo for SharePoint, according to Jinks. Colligo Workgroup Edition currently sells for $99 per seat, and Colligo Workgroup for Lotus Notes sells for $149 a seat. ■


Sun expands menu of free software

BY JENNIFER MEARS

Sun, which early this year released a free version of its Unix-based Solaris operating system, last week announced plans to unleash its entire software stack to the open source community.

Following through on its promise, Sun announced it would make its Java Enterprise System — a suite of server middleware that includes identity management, Web infrastructure software and an application server (which Sun released to the open source community earlier this year) — available for free.

In addition, Sun said it is making available at no cost an integrated suite of software called the Solaris Enterprise System that adds Solaris; the PostgreSQL database; N1 management tools, which include the N1 system manager, the N1 service provisioning system and the N1 grid engine; Java, C and C++ development tools; SunRay thin client software; and secure desktop software to the Java Enterprise stack.

“The majority of the components are available online,” said John Loiacono, executive vice president of software at Sun, during a conference call with reporters and analysts. “We are making available probably about 80% of the code. There are some pieces of the code that we are working toward making available. Those will be available probably by the first quarter of next year.”

Customers can expect more code, including storage management software to be released to the open source community over time, he said.

“The summary of this whole thing is we just believe that anyone still dealing in the proprietary Unix space or the proprietary [software] space is challenged because this is . . . how people today are developing applications,” Loiacono said.

The move makes good on promises Sun President and COO Jonathan Schwartz made in the summer in detailing Sun’s plans to eventually contribute all of its software code to the open source community. Schwartz believes Sun can better compete with companies such as Microsoft and IBM by taking advantage of the open source model to drive up volume. ■


Software vendors bare teeth at sales time

BY JEREMY KIRK, IDG NEWS SERVICE

Software vendors are still employing aggressive methods to lock in sales with end users, according to a new study by market analyst Ovum Ltd.

Ovum surveyed 125 organizations in North America and Europe, examining common sales techniques adopted by vendors. Every end user surveyed reported at least one issue with a vendor, and that forceful sales pitches left them spending more money than they wanted to, and sooner, Ovum says.

Many software companies say they have reformed questionable sales tactics, but the study found that vendors still employ them when under sales pressure, the study says. About a dozen large and small vendors were mentioned in the course of the survey but Ovum did not name them in the report “since no vendor came out darker than the rest,” says David Mitchell, software practice leader at Ovum.

Vendors primarily used two methods. In the “puppy dog” approach, vendors offer software for a trial period and then charge after the user has a relationship with the vendor. To guard against this method, Ovum cautioned organizations to define trial use periods and purchasing arrangements prior to using software.

Another method, nicknamed “gun metal in the mouth,” occurs when an organization employs software in mission-critical areas for many years. An organization may be offered software at a substantial discount initially but at renewal time, the vendor may threaten to remove the software unless the user commits to a more expensive contract, Mitchell says.

To avoid this situation, users should have a commercial alternative available for the function and be willing to call the vendor’s bluff. Mitchell says Ovum recommends that if companies spend more than 10% to 15% of their IT operating expenditures on one vendor, they should have a sourced replacement plan ready in case negotiations go bad. ■




SPECIAL FOCUS

APPLICATION SERVER UPDATE

Application servers get SOA treatment

BY ANN BEDNARZ

As more corporate architects adopt a new approach to building applications, the vendors responsible for the foundation — the application server — are getting their own products in shape to accommodate the new development style.

That style is service-oriented architecture (SOA), which calls for the construction of modular, reusable application components that avoid the brittleness of traditional legacy IT assets. Businesses are ready for it. At least 80% of the development projects initiated over the next two years will be about service-enabling applications, according to Gartner.

To meet the demands of SOA-seeking businesses, Java 2 Platform Enterprise Edition (J2EE) application server vendors BEA Systems, IBM, JBoss and Oracle have been outfitting their wares with once-optional, but now expected, features such as support for Simple Object Access Protocol and messaging.

But it’s not enough to simply provide the tools that let users build services-based applications, says Shaun Connolly, vice president of product management at JBoss, an open source middleware vendor. It’s also important that the application server’s technical architecture is service-enabled, so that customers can swap in or replace functions such as Enterprise JavaBeans (EJB) containers, servlets, messaging tools and management features as needed. “A monolithic type of approach would make it difficult to take one out and use another,” Connolly says.

To that end, JBoss has been reworking its microkernel to make it more detailed, so customers can be more selective about the Java objects they deploy. The new JBoss Microcontainer 1.0 will be the foundation of JBoss Application Server 5.0, which is due out midyear 2006, Connolly says. “We’ll have basically replaced the underpinnings of our server with this newer, lighter-weight, service-oriented microcontainer.”

In a corporate setting, granularity is important so users can skinny down an application server platform for resource-constrained deployments, such as a network appliance, while loading up on services for a high-end clustered environment, Connolly says. “The only way you can do that is if the platform is designed in a service-oriented fashion.”

JBoss Application Server 5.0 also will feature Seam 1.0, which is a new component model from JBoss that simplifies the task of writing complex Java applications by masking some of the code required to handle application state management. “It drives a lot of code out of the process,” Connolly says. And less code means fewer bugs, he says.


What’s on tap

Simplifying application development is a key objective of the forthcoming Java EE 5 architecture. Here are some of the highlights:

• Upgrade of the Enterprise JavaBeans (EJB) component architecture, which enables much more simplified EJB development.

• Persistence API, a new standard API for object relational mapping, a method of representing data from database as Java beans.

• JavaServer Faces framework, designed to make it easier to build Web-based user interfaces in Java.

• Use of annotations, which let developers avoid dealing with certain J2EE deployment descriptors.


Java  EE  5 

In  the  bigger  picture,  application  simplici¬ 
ty  is  a  key  theme  of  the  forthcoming  Java 
Platform  Enterprise  Edition  5  (Java  EE  5) 
specification,  which  is  nearing  complet- 
tion.  Earlier  this  year  Sun  announced  a  new 
naming  convention  for  its  Java  platform, 
dropping  J2EE  5.0  in  favor  of  Java  EE  5. 

App  server  vendors  Oracle  and  JBoss 
have  begun  developing  with  Java  EE  5,  the 
cornerstone  of  which  is  the  latest  release  of 
the  EJB  component  architecture. 

In the past, hampering EJB adoption were complex development and heavyweight container requirements, but EJB 3.0 is lightweight and much easier to program, Connelly says. “If you’ve had any preconceived notions about Enterprise JavaBeans in the past, I encourage folks to erase their memories. Because this is basically how things should have been done in the first place,” he says. “It’s tough to say on average how much it simplifies things down, but it can be a factor of 10x in the size of code.”

Blake Connell, who handles product marketing for BEA Systems’ WebLogic Server, agrees. “One of the knocks on EJB is that it’s a pretty highball art for developers. The next EJB release will alleviate some of that,” Connell says.

For  its  part,  BEA  made  quick  advances 
into  the  world  of  Java  EE  5  with  its  recent 
purchase  of  SolarMetric,  a  Java  tools  maker 
known  for  its  persistence  engine.  Object- 
persistence  technology  helps  developers 
work  with  relational  databases  and  handle 
transient  objects,  such  as  an  online  shop¬ 
ping  cart  or  airline  ticket  reservation. 

BEA  plans  to  incorporate  SolarMetric’s 
Kodo  engine  into  its  next  major  WebLogic 
Server  release,  due  in  late  2006.  In  the 
meantime,  developers  can  download  the 
SolarMetric  technology,  if  they  want  to 
play  with  Java  EE  5  and  EJB  3.0  previews, 
Connell  says. 

Another  early  player  in  the  EJB  3.0  world 
is  Oracle,  which  co-led  the  specification 
development  with  Sun  and  has  released  a 
preview  version  of  its  EJB  3.0-ready  Oracle 
Application  Server.  Oracle  Application 
Server  10g  Release  3,  which  is  scheduled  to
be  available  by  midyear  2006,  will  offer 
baked-in  support  for  Java  EE  5  and  EJB  3.0. 

JBoss,  too,  offers  a  preview  of  EJB  3.0  and 
plans  to  include  support  for  it  in  JBoss 
Application  Server  5.0  when  it  comes  out 
next  year.  IBM  will  support  the  new  specs  in 
WebSphere  Application  Server  6.1,  due  out 
next  year. 

Other  trends 

Another  key  theme  among  J2EE  applica¬ 
tion  server  vendors  is  open  source.  As  open 
source  J2EE  products  mature,  it’s  becoming 
a  long-term  option  for  mainstream  enter¬ 
prises,  according  to  Gartner. 

JBoss  is  a  pioneer  in  open  source  J2EE, 
but  it  faces  growing  competition  from 
some  big  players.  The  latest  to  lay  claim  on 
the  market  is  IBM,  which  in  May  acquired 
open  source  middleware  vendor  Gluecode 
Software. 

In  October  IBM  announced  plans  to 
release  a  “community  version”  of  its  Web¬ 
Sphere  Application  Server  based  on 
Apache  Geronimo.  WebSphere  Application 
Server  Community  Edition  (WAS  CE)  will 
use  Apache  Derby  and  Apache  Geronimo. 
It’s  freely  available,  and  users  can  opt  for  a 
support  license  as  part  of  IBM’s  WebSphere 
portfolio,  says  Marie  Wieck,  vice  president 
of  IBM’s  WebSphere  platform. 

It’s not uncommon for users to do initial development work using the WAS CE open source application server and then port the application to a network-ready version of WebSphere as production requirements grow, Wieck says. “They can start very quickly and easily without concerns about cost models, see how it progresses and then if there are large volume or full production-level requirements, they can always switch over to a more traditional approach.”

On  the  open  source  front,  BEA  has  a  strat¬ 
egy  for  what  it  calls  a  “blended  open  source 
development,”  which  lets  developers  use  a
mix  of  open  source  and  commercial  prod¬ 
ucts.  BEA  plans  to  merge  its  existing  Web¬ 
Logic  Workshop  developer  tools  with  the 
NitroX  toolset  gained  in  its  recent  purchase 
of  M7,  which  makes  an  Eclipse-based  inte¬ 
grated  development  environment. 

A  push  for  industry-tailored  products  also 
is  an  emerging  trend  among  key  J2EE  appli¬ 
cation  server  vendors. 

Newly  available  from  BEA  is  WebLogic 
SIP  Server  2.1,  an  integrated  J2EE  and 
Session  Initiation  Protocol  (SIP)  applica¬ 
tion  server.  It’s  aimed  at  helping  telecom 
companies  accelerate  the  deployment  of 
new  multimedia  services,  says  Ken  Lee, 
who  handles  product  marketing  for  BEA’s
WebLogic  Communications  Platform. 

“Any  new  SIP  apps  that  are  built  — 
whether  it’s  voice  over  IP  or  video  over  IP
—  by  definition  will  need  an  integration 
with  HTTP  or  the  Web,”  Lee  says.  “It  makes 
a  lot  of  sense  for  developers  to  be  able  to 
develop  to  a  single,  integrated  J2EE-SIP 
platform.” 

IBM,  too,  is  readying  a  SIP-enabled  version 
of  WebSphere  Application  Server  aimed  at 
the  telecom  industry  and  due  out  next 
year,  Wieck  says.  SIP  support  will  be  baked 
into  the  product,  not  tacked  on,  she  says. 
“We  see  it  as  an  extension  to  the  applica¬ 
tion  server,  not  as  a  separate  add-on.” 

For BEA, another key area of focus for its application server group is making inroads into traditionally Java-wary shops. Due to be available this month is BEA WebLogic Real Time Edition, which is aimed at handling “very precise transactions that need to occur very rapidly and with a high degree of predictability,” Connell says.

In  the  past,  developers  requiring  predic¬ 
tability  down  to  the  millisecond  —  such  as 
for  a  financial  services  firm’s  trading  appli¬ 
cation  —  have  avoided  Java  because  of 
inherent  latency  related  to  the  way  the  lan¬ 
guage  handles  memory  management,  he 
says.  In  WebLogic  Real  Time  Edition,  BEA 
has  built  a  precise,  predictable  way  of  doing 
memory  management  that  lets  users  make 
service-level  guarantees  required  by  time- 
sensitive  environments.  ■ 
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SERVICE  PROVIDERS 



It’s  a  content  conundrum 


Cingular,  Orange  team 
on  cellular  service 


It’s official — the Verizon/MCI and SBC/AT&T mergers have gotten final approvals from federal and state authorities. The next step, the joke goes, is for AT&T and Verizon to buy each other, thus reconstituting the original Ma Bell.

Not  likely.  The  next  new  frontier,  as  many
folks  have  noticed,  has  to  do  with  redefin¬ 
ing  the  relationship  between  content  and 
carriers.  Consumers  are  increasingly  turn¬ 
ing  to  the  Internet  for  news,  shopping  and 
entertainment,  as  well  as  communications 
services.  According  to  a  recent  study  by 
Nielsen/NetRatings,  one  in  four  Internet 
users  reads  a  newspaper  online.  And  half  of
all  U.S.  Internet  users  obtain  coverage  of  sig¬ 
nificant  events  such  as  Hurricane  Katrina 
online,  according  to  a  new  study  by  the 
Pew  Internet  and  American  Life  Project. 
USA  Today  calls  the  Monday  after 
Thanksgiving  “cyber  Monday”  because  of 
the  high  volume  of  online  shoppers.  As  for 
entertainment  —  does  anyone  younger 
than  30  watch  TV  or  listen  to  the  radio  these 
days,  or  are  they  downloading  content 
(legally  or  otherwise)  from  the  Web? 

In  response,  telcos  such  as  AT&T  and 
Verizon  are  investing  billions  in  the  TV  busi¬ 
ness,  planning  to  go  toe-to-toe  with  the 
cable  companies  to  deliver  a  one-stop  shop 
for  communications,  television  and 
Internet  services.  Given  such  a  focus,  you 
might  think  the  next  logical  merger  would 
be  between  a  carrier  and  a  content 
provider. 

There’s just one catch. The telcos and the cable companies are missing the point, which is that 21st-century content is increasingly collaborative and distributed. As the Pew Internet and American Life Project recently documented, 57% of teens who use the Internet (that’s about 12 million kids ages 12 to 17) are also content creators: They’ve created a blog or Web page, posted original artwork or photographs, written stories or produced videos, or remixed online content, including music. They’re also TV watchers, iPod listeners and video-game players who instant-message their friends while chatting on cell phones. As Greg Kot, music critic for the Chicago Tribune notes, “They’re used to having their entertainment now, not waiting for a corporation to serve it to them on its own carefully calibrated marketing schedule.”

Bingo.  If  Verizon  and  AT&T  are  serious 
about  getting  into  the  entertainment  busi¬ 
ness,  they  need  to  think  about  how  best  to 
leverage  their  assets  (Internet  backbones, 


broadband  access  to  consumers,  world- 
class  quality  of  service)  so  as  to  enable  the 
kind  of  distributed  content  creation  that’s 
the  hallmark  of  21st-century  communica¬ 
tions.  It’s  not  about  piping  “content”  to  pas¬ 
sive  consumers  (the  old  cable  model).  It’s 
about  delivering  a  framework  that  enables 
users  to  easily  find,  procure  and  create  content  on  their  own.

Part of that framework exists — it’s called IP. What’s missing is the next generation of search and indexing (something Google and Microsoft are both working on), as well as viable payment schemes.

If  the  telcos  want  to  get  serious  about 
beating  the  cable  companies  at  the  content 
game,  they’ll  need  to  think  hard  about  how 
to  enable  21st-century  content  creation. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


BY ELIZABETH MONTALBANO, IDG NEWS SERVICE

Microsoft last week released an upgrade to its hosted messaging and collaboration suite that includes Exchange Server technology for pushing company e-mail seamlessly to Windows Mobile devices.

Microsoft Solution for Hosted Messaging and Collaboration 3.5, used by Microsoft service-provider partners to host e-mail and collaboration services for small-to-midsize businesses, includes Microsoft’s Exchange, Windows SharePoint Services and Live Communications Server 2005.

The suite is available on a hosted basis to partners in Microsoft’s Windows Hosted program along with technical support and guidelines for deployment. There are about 9,000 service providers in the program.

The upgrade includes support for software updates that have been made available since the last release of the hosted product, including Exchange Server 2003 Service Pack (SP) 2, Windows Server 2003 SP1 and Live Communications Server 2005 SP1.

New technology for sending e-mails hosted on Exchange Server directly to Windows Mobile devices is available in Exchange Server 2003 SP2. The technology, called Direct Push Technology, eliminates the need for a Short Message Service alert to users when they have new e-mail on a Windows Mobile device. Instead, SP2 allows e-mails to be sent directly from Exchange to Windows Mobile devices. ■


BY JOHN BLAU, IDG NEWS SERVICE

Two big mobile phone operators, one in the United States, the other in Europe, are teaming to offer tailored services to multinational companies operating on both sides of the Atlantic.

Orange SA has agreed to join the Cingular Wireless Worldview program, which provides multinationals with a one-stop sales contact, a Web-based portal to monitor key usage and billing data, and a volume discount plan.

“The key goal is to provide consolidated mobile services to a specific segment, which, in this case, is the multinational company,” says Fabien Gustaffson, director of multinational company business development at Orange.

The move to coordinate sales to provide a single response to multinational companies “is clearly what users want,” wrote Jeremy Green, a wireless analyst with Ovum, referring to the service.

Perhaps the most attractive component of the three-part service is the volume discount. With Orange on board, multinationals on the Cingular Digital Advantage (CDA) discount scheme can include their usage on Orange’s European network, with operations in 17 countries, to receive a larger discount.

“Companies that have been receiving, say, a 10% volume discount for their U.S. mobile communication usage can now add, for instance, another 5% for their usage on Orange’s networks,” says Derek Austin, marketing director for multinational customers at Orange. “For some companies, that can result in some significant savings.”

One shortcoming: The discount plan benefits only Cingular customers on its CDA plan, and not Orange’s multinational customers that spend money on mobile phone services in the United States.

“This is the first stage of this partnership, which will evolve,” Austin says. “We’ll be looking at this discount program moving forward.”

The decision to join Worldview could be the beginning of a partnership that might lead to many other new services, Gustaffson says.

“Both of our networks are based on GSM technology,” Gustaffson says. “So I certainly see some other opportunities where we can partner in the future.”

Asked whether joint procurement could be one of them, he says it is not part of the current agreement but could be considered.

Whether a move to drop roaming fees between the two mobile operators could also become an option is unclear.

“Roaming is a valuable service and it has a price,” Gustaffson says. “Cingular and Orange have roaming agreements today. What we do in the future is something else.” ■


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hosted  service  suite 
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AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


SAML  2.0  simplifies  federation 


HOW  IT  WORKS:  SAML  2.0 


The  federation  standard  SAML  2.0  enables  a  Web  site  to  allow  another  domain 
to  authenticate  a  user. 
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□  A  user  attempts  to  access  a  Web  site.  Since  the  user  has  not  been  authenticated,  the  site  redirects 
his  browser  to  the  local  federation  server. 

□  The local federation server redirects the user to a remote federation server, which challenges his identity. The user provides his user name and password.

□  The remote federation server verifies the user against its Lightweight Directory Access Protocol (LDAP) server. If the user's credentials are verified, the remote federation server creates a SAML assertion, embeds it in his browser and redirects him back to the local federation server.

□  The  local  federation  server  extracts  the  SAML  assertion  and  creates  a  session  cookie  for  the  Web 
site.  The  user's  browser  is  redirected  to  the  Web  site. 


BY  PATRICK  HARDING 

Until  this  year,  identity  federation  has  suf¬ 
fered  from  the  problem  of  too  many  stan¬ 
dards.  Companies  that  deployed  federation 
before  the  fourth  quarter  were  forced  to 
deal  with  five  incompatible  protocols: 
OASIS  Security  Assertion  Markup  Language 
1.0  and  1.1,  Liberty  Alliance  ID-FF  1.1  and 
1.2  and  Shibboleth.  The  result  was  a  com¬ 
plex  matrix  of  enterprise  and  consumer  use 
cases,  protocols  and  implementations  that 
slowed  the  growth  and  increased  the  cost  of 
federation  deployments. 

The Organization for the Advancement of Structured Information Standards (OASIS), the Liberty Alliance and Shibboleth have since joined forces to create a single standard that would make their previous work obsolete. The result is SAML 2.0, which OASIS ratified in March and is beginning to appear in vendor products. SAML 2.0 radically alters the federation landscape by removing the largest barrier to increased federation adoption: multiprotocol complexity.

OASIS,  Liberty  and  Shibboleth  originally 
came  at  federation  from  three  perspectives: 
OASIS  SAML  focused  primarily  on  business- 
to-business  interactions  (single  sign-on 
between  enterprises),  Liberty  focused  on 
consumer  (business-to-consumer)  interac¬ 
tions  requiring  privacy,  and  Shibboleth 
focused  on  educational  environments  re¬ 
quiring  anonymity.  Hence,  they  modified 
and extended the original SAML 1.0 specification to support different uses. These federation protocols are interoperable or backward-compatible.

Before  SAML  2.0,  organizations  looking  to 
deploy  federated  identity  had  to  negotiate 


protocol  selection  with  each  federation 
partner.  Many  had  to  support  multiple  pro¬ 
tocols  through  protocol  mapping  and  trans¬ 
lation  techniques  that  cause  support  gaps 
for  key  features  or  capabilities. 

SAML  2.0  incorporates  every  critical-use 
case  and  feature  from  every  predecessor 


protocol  into  a  single  standard.  As  it  repre¬ 
sents  a  superset  of  all  the  functionality  in  all 
five  predecessors,  SAML  2.0  makes  them 
obsolete. 

SAML 2.0 describes two roles for enabling federation: the service provider is the entity that makes an application or resource available to the user, while the identity provider is responsible for authenticating the user. The service provider and the identity provider exchange messages to enable single sign-on and single log-out. These message exchanges can be initiated by the identity provider or the service provider.

For single sign-on, the identity provider is responsible for creating a SAML assertion that contains the identity of a user and then securely sends that assertion to the service provider. The service provider is responsible for validating the SAML assertion before letting the user access the application.

A SAML assertion is an XML document that contains many statements pertaining to the identity of the user. These statements include information about how a user was authenticated and, optionally, additional user attributes.

This exchange of messages can occur via different SAML bindings, such as using an HTTP form POST via the browser, or a Simple Object Access Protocol (SOAP) back-channel interaction.
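
The service-provider side of the single sign-on exchange described above, as an added Python example that is not part of the original article or of any vendor's product: it checks issuer, validity window, audience, bearer confirmation and replay on a constructed assertion, then returns how the user was authenticated and the attributes. The hosts, the sample assertion and the function names are assumptions, and the assertion's XML signature is assumed to have been verified beforehand with an XML-DSig library.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"

# Constructed sample assertion: hosts, IDs, times and values are made up.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_a1b2c3" Version="2.0" IssueInstant="2005-12-05T09:00:00Z">
  <saml:Issuer>https://idp.example.org</saml:Issuer>
  <saml:Subject>
    <saml:NameID>jdoe@example.org</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://sp.example.com/acs"
          NotOnOrAfter="2005-12-05T09:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2005-12-05T08:59:00Z" NotOnOrAfter="2005-12-05T09:05:00Z">
    <saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AuthnStatement AuthnInstant="2005-12-05T09:00:00Z">
    <saml:AuthnContext>
      <saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AuthnContextClassRef>
    </saml:AuthnContext>
  </saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="department">
      <saml:AttributeValue>engineering</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


class AssertionRejected(Exception):
    """The service provider must refuse this assertion."""


def require(ok, reason):
    if not ok:
        raise AssertionRejected(reason)


def parse_instant(value):
    # SAML instants are UTC xs:dateTime values, e.g. 2005-12-05T09:00:00Z.
    fmt = "%Y-%m-%dT%H:%M:%S.%fZ" if "." in value else "%Y-%m-%dT%H:%M:%SZ"
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, trusted_issuer, sp_entity_id, acs_url, now,
                       seen_ids, skew=timedelta(seconds=60)):
    """Checks a service provider runs on an assertion whose XML signature has
    ALREADY been verified (assumption). Returns identity data or raises."""
    require("<!DOCTYPE" not in xml_text, "DTDs are not allowed in SAML messages")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        raise AssertionRejected("malformed XML")
    require(root.tag == "{%s}Assertion" % NS["saml"] and root.get("Version") == "2.0",
            "not a SAML 2.0 assertion")
    require(root.findtext("saml:Issuer", "", NS).strip() == trusted_issuer,
            "unexpected issuer")

    # Validity window and audience. Requiring an expiry is this example's policy.
    cond = root.find("saml:Conditions", NS)
    require(cond is not None and cond.get("NotOnOrAfter"), "no validity window")
    not_before = cond.get("NotBefore")
    require(not not_before or now + skew >= parse_instant(not_before), "not yet valid")
    require(now - skew < parse_instant(cond.get("NotOnOrAfter")), "expired")
    audiences = [(a.text or "").strip()
                 for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    require(sp_entity_id in audiences, "issued for a different service provider")

    # Browser sign-on uses bearer confirmation: it must name our own endpoint
    # and still be fresh, or an assertion meant for another site could be reused.
    confirmed = False
    for sc in root.findall("saml:Subject/saml:SubjectConfirmation", NS):
        data = sc.find("saml:SubjectConfirmationData", NS)
        if sc.get("Method") == BEARER and data is not None:
            expiry = data.get("NotOnOrAfter")
            confirmed = confirmed or (data.get("Recipient") == acs_url and bool(expiry)
                                      and now - skew < parse_instant(expiry))
    require(confirmed, "no valid bearer subject confirmation")

    # One-time use: seen_ids must remember IDs at least until they expire.
    assertion_id = root.get("ID")
    require(assertion_id and assertion_id not in seen_ids, "missing or replayed ID")
    subject = root.findtext("saml:Subject/saml:NameID", "", NS).strip()
    require(subject, "no subject identifier")
    seen_ids.add(assertion_id)

    attributes = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [(v.text or "")
                                        for v in attr.findall("saml:AttributeValue", NS)]
    authn = root.findtext(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", "", NS)
    return {"subject": subject, "authn_context": authn.strip(), "attributes": attributes}
```

Only after these checks pass would the service provider create the session cookie for the Web site; any rejection means the user is sent back to authenticate again.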

The convergence of federation use cases within SAML 2.0 will have a major effect on companies wishing to use federation as a means of sharing identity-related information cross-boundary. It simplifies the selection of a protocol and eliminates the need to run overly complex, confusing and expensive-to-maintain multiprotocol solutions. Current deployments based on SAML 1.0 and 1.1 or Liberty ID-FF 1.1 and 1.2 will likely upgrade to SAML 2.0 in 2006.

Harding is CTO for Ping Identity. He can be reached at pharding@pingidentity.com.
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A  few  years  ago  you  wrote  about  GhostScript- 
based  PDF  creation  tools  (www.networkworld. 
com,  DocFinder:  1129).  We  haven’t  been  success¬ 
ful  with  this  and  wonder  whether  there’s  an 
update  or  another  open  source  option  for  cre¬ 
ating  PDF  files  on  Windows  systems. 

Open Office (www.openoffice.org) is an open source suite based on Sun’s Star Office. It uses the OpenDocument formats approved by the Organization for the Advancement of Structured Information Standards. In addition to providing an open source package that can read and write Microsoft Office document formats, Open Office includes the built-in ability to generate PDF files by choosing "Export as PDF" from the File menu. With Open Office you can create PDF files from documents, spreadsheets and presentation files.

The  Export  as  PDF  feature  does  an  excellent  job  of 
generating  PDF  files  that  preserve  the  formatting  of  the 
original  document.  With  Microsoft  appearing  to  make 
more  open  its  Office  document-format  specification  to 
the  European  standards  group  ECMA  International,  we 


may  see  a  move  toward  open  document  standards  that 
make  moving  between  applications  more  reliable  — 
even  if  the  eventual  standard  is  something  other  than 
the  current  OpenDocument  or  Microsoft  formats. 

Until  then,  the  most  reliable  PDF  creation  results  and 
access  to  the  full  set  of  PDF  features  are  best  provided 
by  the  full  version  of  Adobe  Acrobat. 

Blass is a network architect at Change@Work in Houston. He can be reached at dr.internet@changeatwork.com.


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insanely  cool  VMware  Player 


The 

Last  week  we  finished  with  a  brief 
discussion  of  VMware’s  free  VMware 
Player,  which  is  essentially  an  amaz¬ 
ingly  useful  run-time  for  virtual 
machines  that  runs  under  Windows 
and  Linux. 

As  was  noted  in  Gibbsblog  a  few 
weeks  ago,  when  VMware  Player  was 
first  released  it  wasn’t  “just  for 
[VMware’s]  own  VMs,  but  also  for 
VMs  created  with  Microsoft’s  VM 
environment, Virtual  PC  [and  Virtual 
Server],  as  well  as  Symantec 
LiveState  Recovery  disk  formats.” This  is  an  insanely  cool 
tool  that  others  have  described  as  a  VM  Acrobat  Reader. 

Installing  VMware  Player  (VMP)  is  pretty  simple  under 
Windows,  and  we  suspect  equally  easy  under  Linux.  The 
VMP  requires  about  30M  bytes  of  RAM,  and  most  VMs  will 
need  about  200M  bytes  to  run.  (Linux  will  be  very  happy  in 
that  amount  of  memory,  Windows  less  so  if  you  get  ambi¬ 
tious  and  try  to  run  too  many  applications.)  So,  bank  on  at 
least  250M  bytes  of  RAM  for  each  VMP  you  run  (you  can 
allocate  a  maximum  of  796M  bytes).  And,  yes,  you  can  run
multiple  copies  of  VMP  simultaneously  but  they  are  each 
separate  instances  —  there’s  no  common  control  console 
for  all  VMs  as  with  the  other  VMware  products. 

An important consideration is that you can’t have VMware’s VMware Workstation installed on the same PC you use to run VMware Player. This is disappointing, but if you’re interested in doing such things, you’ll probably be running two PCs on your desk anyway.

When you run VMP it asks you for a VM to run. If you have downloaded one of the VMware Virtual Machine Collection’s preconfigured VMs (www.networkworld.com, DocFinder: 1132) it will have a “vmx” file extension. VMP also can open VMs stored in “vmc” files (Microsoft Virtual PC) and “sv2i” files (Symantec LiveState).


Note  that  VMP,  at  least  in  its  current  release,  will  run  VMs
created  using  the  evaluation  version  of  VMware  Work¬ 
station,  which  seems  a  curious  licensing  loophole. 

An  interesting  and  useful  VM  to  download  and  run,  par¬ 
ticularly  if  you  want  to  get  more  experience  with  Linux,  is 
the  Browser  Appliance,  which  consists  of  Ubuntu  Linux, 
one  of  the  coolest  distros  around,  with  FireFox  pre-loaded. 

<digression>Note  that  the  Browser  Appliance  includes 
FireFox  1.07,  but  FireFox  1.5  has  just  been  released.  FireFox 
1.5  is  a  big  improvement  if  only  because  it  can  successfully
run  Google  Maps!  Performance  is  also  improved;  security  is 
upgraded;  an  automated  update  feature  is  included;  drag 
and  drop  tab  reordering  has  been  added;  Mac  OS  X  10.2+ 
support  is  improved,  including  profile  migration  from  Safari 


and  Mac  Internet  Explorer;  and  support  has  been  added  for 
SVG,  CSS  2  and  CSS  3,  and  JavaScript  1.6.</digression>

If  you’ve  used  VMware  Workstation  you’ll  notice  that  the 
user  interface  for  VMP  is  different;  the  player  menu  bar  is 
much  simpler  than  VMware  Workstation’s  and  only  allows 
setting  various  options,  changing  the  memory  allocated  to 
the  VM,  along  with  VM  power-off  and  reset.  (You  have  to 
shut  down  the  operating  system  running  in  the  VM  if  you 
want  a  clean  operating  system  shutdown.) 

The only major feature lacking in the VMware Player is a facility for taking a “snapshot” — that is, a copy of the running VM so it can be restarted from that point. That said, the Player recognizes snapshots in virtual machines saved to other VM management products, so with VMP you can power on a “snapshotted” VM from its saved state. You also will revert to the snapshot if the VM is configured to automatically revert upon poweroff.

We  had  to  do  some  searching  to  find  out  what  the  default 
root  password  for  the  Browser  Appliance  is.  Given  this  is 
VMware’s  benchmark  VM  we  should  have  guessed  . . .  yep, 
you  got  it:  vmware. 

With  the  Browser  Appliance  VM  just  under  220M  bytes 
and  the  VMware  Player  under  20M  bytes,  this  could  be  an 
interesting  opportunity  to  use  a  USB  thumb  drive  to  create 
an  ultra-private  browsing  environment.  We’ll  try  setting  this 
up  and  let  you  know  how  it  works  out. 

Tell us what tech toys you want for the holidays at gearhead@gibbs.com.


GEARHEAD 


INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


The scoop: Thump 2 (1G-byte version), about $450, from Oakley (oakley.com).

What it is: The latest version of Oakley's digital music eyewear, the Thump 2 adds more memory (available in 256M-, 512M- or 1G-byte versions) and as much as six hours of playback time on a single battery charge. The earphones have been redesigned for a more comfortable fit, and the design of the sunglasses now allows you to flip them behind your ears and still hear the music.

Why it’s cool: When I tried the first version of the Oakley Thump (www.networkworld.com, DocFinder: 1131), I had three complaints (comfort, non-prescription and no display). Comfort has been addressed — the ear booms now fit in your ears more comfortably than before. In fact, you don’t have to insert them — you can position them outside your ears and still hear the music. Second, the sunglasses now are prescription-ready so you can wear them while driving (with no music playing, of course). There’s still no display to let you select what songs you want to hear (as an iPod or similar device does), so you play songs in the order that you transferred them from a PC or pick the random mode.

The Oakley Thump 2 makes listening to music more fashionable.

Is  it  worth  $450?  That  will  buy  you  an  iFbd  with  a  lot  more  memory  and  the  abili¬ 
ty  to  select  the  songs  you  want  to  listen  to,  but  then  you  can’t  really  go  mountain  bik¬ 
ing  or  snowboarding  with  an  iFbd  very  comfortably  The  Thump  2  isn’t  meant  to 
compete  with  iFbds  as  much  as  complement  a  fashionable  digital  music  enthusiast. 
You  also  can  spend  less  on  the  256M-byte  ($300)  or  512M-byte  ($350)  models. 


Some  caveats:  The  system  will  support  .M4A  files  created  from  Apple  iTunes  soft¬ 
ware,  but  it  won’t  support  the  .M4P  format  that  the  iTunes  Music  Store  uses. The  sys¬ 
tem  also  supported  Windows  Media  Audio  formats,  but  we  had  to  update  our 
Windows  Media  Player  software. 

Grade:  ★★★★★  (out  of  five) 

The scoop: X-OOM MP3 Radio Recorder for iPod, about $30, from X-OOM Software.

What it is: Software that records simultaneous streams of Internet radio stations to your PC. The software can record as many as six streams on a typical broadband line (DSL or cable), or as many as 20 on a dedicated Internet connection (although your IT department might visit you if you try this at work). Recordings are stored as individual MP3 files that can then be transferred to an iPod or other music player. Other features include an audio converter (convert from WAV to MP3 format), an ID3 Tag Editor and the ability to burn audio tracks directly to a CD.

Why it’s cool: When I was 7, the easiest way for me to get music was to sit at the radio with my tape recorder and hit record. Thirty years later, this software does the same thing, but now I can choose from 6,000 worldwide Internet radio streams.

Recording simultaneous streams without having to listen to them while they stream also is nice — you can record a bunch of streams overnight and have a bunch of new songs to listen to in the morning. The user interface was extremely easy to use and understand, and I could add my own favorite Internet radio stations if I couldn’t find them in the X-OOM list.

X-OOM says recording a public broadcast stream is OK, and the software works on the same premise as recording a television program with a VCR.

Grade:  ★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com.  The  Cool  Tools  video  spotlight  this 
week  features  an  interview  with  Oakley  tech  guru  Colin  Smith  about  the  new  line  of 
Thump  digital  music  sunglasses.  Check  it  out  at  www.networkworld.com/video. 


Two industry insiders debate the merits of two popular security technologies.


Is penetration testing more effective than vulnerability scanning?


Yes 

Paul  Paget 

Core  Security  Technologies 

Companies are struggling to keep up with a barrage of network security nightmares, including viruses, worms and hacker attacks. This makes it more difficult to protect core assets, such as sensitive personnel information, customers’ credit card numbers and intellectual property. There are frequent reports of supposedly secure networks failing, resulting in lost revenue and damaged reputations.

To combat these increasing threats, network administrators must choose from a host of products, services and practices. Two common solutions are penetration testing and vulnerability scanning. These solutions are often lumped together, but there are significant differences between them. Vulnerability scans identify potential problems based on an evaluation of a network’s defenses and known vulnerabilities. Penetration testing reveals more information about a network by actively attacking a system, probing all defenses and revealing real, not theoretical, vulnerabilities.

Both methods have an important role in testing network security. At Core Security Technologies, we recognize the importance of vulnerability scanning, use it in our consulting practice and partner with several companies that provide this technology. But while vulnerability scanning is a good first step, it shouldn’t be considered the final step, because it doesn’t answer the fundamental question, “Is my network secure?”

Vulnerability scanning does not address the implications of an intrusion, leaving network administrators to determine if a vulnerability is real or a false positive, if it can be exploited and what risk it poses to a network. Without determining the true threat to a network, administrators must devote resources to patching every vulnerability, often wasting significant time and effort patching systems that may not require it.

A penetration test is an authorized attempt to breach the security defenses of a system using the techniques of hackers, worms and viruses. With a penetration test, you exploit vulnerabilities in your network and try to replicate the kinds of access a hacker could achieve and identify which resources are exposed. The results go far beyond the data yielded by a vulnerability assessment. An administrator is able not only to quickly identify and prioritize real vulnerabilities but also to gain insight into the effectiveness of other security measures in place.

Some proponents of vulnerability scans say running a penetration test puts a network service at risk for downtime and using exploits could compromise the network’s integrity. However, with a commercial-grade automated product, penetration testing can be conducted in a safe manner and poses less risk than most vulnerability scanners.

Vulnerability scanning is an excellent first step for a penetration test, but it’s important to go further. Without running a penetration test, network administrators cannot be certain that their networks can withstand an attack. A penetration test can identify and eliminate real paths of attack.


No 

Ron  Gula 

Tenable  Network  Security 

If your organization requires proof of each network vulnerability with a penetration test, then you are focusing on the wrong problem. With new vulnerabilities being disclosed daily, it should be assumed that all applications are exploitable. Modern networks should be focused on minimizing their attack surface, and vulnerability scanning is the best choice for this task.

Comparing penetration-testing tools with vulnerability-scanning tools is like comparing the effectiveness of regular trips to the dentist and X-rays of bicuspids. Modern vulnerability-scanning tools test for thousands of known client and server vulnerabilities across hundreds of architectures. They do this with network scanning, host-based patch audits and network sniffing. Penetration-testing tools typically focus on testing hundreds of exploits to server vulnerabilities for a handful of architectures and operating systems.

These techniques have different levels of ease of use, false negative rates, false positive rates and effect on the network. However, for effective vulnerability management, relying solely on penetration testing is a bad idea. Vulnerability scanning is better suited to the task, for several reasons.

First, vulnerability scanning can be automated and made part of a network management system. Discovery of new hosts, applications and vulnerabilities can be fed into trouble-ticket systems to be addressed, whereas penetration testing is best performed manually by an experienced team.

Second, vulnerability scanning tests a larger number of vulnerabilities on more platforms than typical penetration-testing tools. Vulnerability scanning also takes into account security issues in printers, routers, wireless access points, firewalls and many other common network devices, whereas most penetration-testing tools do not.

Third, vulnerability scanning with continuous network monitoring or host-based patch auditing will easily identify vulnerabilities in client applications across a network. Some penetration-testing tools will test client applications, but these are normally used for local privilege escalation.

Finally, vulnerability scanning provides more fidelity of information. Our Nessus vulnerability scanner has close to 10,000 scripts, which detect missing security patches, installed software, listening services and vulnerabilities. Nessus performs exploit tests similar to those of penetration-testing tools but stops short of exercising the exploit. Potential vulnerabilities are reported with a low, medium or high rating. This gives security teams more data to make informed decisions.

Do not take these arguments as reasons not to use penetration-testing tools. Every network-security practitioner should understand them and know how to use them, especially for auditing core servers. Penetration-testing tools can demonstrate a portion of the vulnerabilities requiring addressing, but an effective vulnerability-management strategy must make use of many vulnerability-scanning technologies.


nww.com

Have your say

Log on to Network World to express your opinion. Face-off authors Paul Paget and Ron Gula will add their thoughts to the discussion. DocFinder: 1128

Paget is CEO of Core Security Technologies. He can be reached at paul.paget@coresecurity.com.

Gula is CEO of Tenable Network Security. He can be reached at rgula@tenable_security.com.
When IT, politics in Mass. collide


In September, Massachusetts’ Information Technology Division adopted a new “Enterprise Technical Reference Model” aimed at making it easier for state departments and the public to find and share information. It’s a wide-reaching document that, among other things, commits the commonwealth to a service-oriented architecture (read story at www.networkworld.com, DocFinder: 1141). But what grabbed international attention was a provision that would ultimately require all electronic documents to be stored in Open Document Format, an XML-based specification developed by the Organization for the Advancement of Structured Information Standards.

One guess which vendor’s desktop applications don’t support ODF. Microsoft, naturally, went on the offensive, sending lobbyists to Boston to persuade the state Legislature to overturn this technology decision. State Sen. Mark Pacheco, who chairs a committee that oversees state agencies, argued that adopting ODF would be “counter to what open source is all about” (read more at DocFinder: 1142).

But now things are getting really ugly. The Boston Globe recently reported that state officials are investigating whether Peter Quinn, the state CIO who oversaw the new plan, went to trade shows without authorization (he says he got an OK). The story hints at worse transgressions: “Even though a galaxy of computer companies are listed as sponsors of many of the conferences, Quinn did not list any of them on his authorization forms or the business relationships any of them have with the Commonwealth.”

Clearly, somebody fed the Globe a line of baloney. Trade-show organizers solicit “sponsors,” much like newspapers solicit advertisers. Accusing Quinn of wrongdoing for failing to note all the sponsors of a show would be like arguing that he should file a report for every copy of The Wall Street Journal he reads because network vendors advertise there.

One of Quinn’s allegedly unauthorized trips was to a 2004 meeting of the National Association of State Chief Information Officers. The show was co-sponsored by Microsoft (see DocFinder: 1143). Does that mean Quinn might be secretly biased in favor of Microsoft? It’s enough to make the head spin. It would be ironic if high-tech Massachusetts begins to have trouble filling top IT positions because nobody wants to work for a state that will treat them like human pinballs.

— Adam Gaffin
Executive editor of NetworkWorld.com
agaffin@nww.com

* Add your thoughts to the controversy in our online forum at www.networkworld.com, DocFinder: 1144.


Opinions 

Bank  on  authentication 

Regarding  Linda  Musthaler’s  column  “Banking  on 
two-step  authentication”  (www.networkworld.com, 
DocFinder:  1121):  I  wish  Musthaler  had  named  the 
financial  planning  company  she  refers  to;  I  would 
think  it  wouldn’t  mind  being  named  if  it  really 
believes  its  claims. 

This summer I visited my brokerage firm (Schwab) and asked why I should feel safe conducting electronic business with it. Naturally, I got the usual claims that it is all under control. I came prepared with news clippings of a long list of data breaches (ChoicePoint, Bank of America, Citibank) that have occurred since the beginning of the year. I showed them exactly what kind of two-factor authentication we use at my workplace. More importantly, I presented my account representative with an ad from a competitor (E*Trade), which is offering account holders of at least $50,000 the two-factor authentication device I was requesting. This was an implied threat that I’d move my business elsewhere unless Schwab was able to address my concerns.

Two months later I got a call saying Schwab is piloting a two-factor authentication solution internally. Now I’m lobbying to be one of their first non-employee users.

George Hsieh
Fairfax, Va.

Host  with  the  most 

Regarding “Web hosting costs soar” (DocFinder: 1122): I would have liked to see more analysis to explain a couple of counterintuitive factors. The first is that the compute power per watt is increasing, so we should be getting more performance per square foot even if the power and cooling requirements are increasing because of higher density. The second is that the Internet is generally location-independent, so why can’t data centers simply be located in places with lower costs? Especially when the carriers, some of which install and operate the high-capacity lines, are the ones building the data centers.

Roger  Slykhouse 
Warren,  Mich. 

In a story on rising costs of Web hosting space in a few key markets, all of which are notorious for high real estate costs, I was surprised to see no discussion of building such centers in less-expensive areas. If corporations can move their back-office operations to India, why can’t Web hosters move their facilities to, say, South Dakota? A server center does not require much on-site staff.

Dave  Richter 
Systems  development  analyst 
Ford  Motor  Co. 
Bloomfield,  Mich. 

Prevent  pryware 

Regarding Mark Gibbs’ BackSpin column “Is Sony’s CD DRM malware?” (DocFinder: 1123): The recent exposure of Sony’s DRM “pryware” is another example of the downside of a megacorporation trying to insinuate its control over our private computing environments. Sony’s use of rootkit-level cloaking type of software in its products is a clear intrusion and infringement into my personal privacy bordering on criminal activity.

Robb  Sauerhoff 
Associate  director 
Gartner 
Bridgeport,  Conn. 

E-mail letters to jdix@nww.com or send them to John Dix, editor in chief, Network World, 118 Turnpike Road, Southborough, MA 01772. Please include phone number and address for verification.

Find out what readers are saying about these and other topics. DocFinder: 1030

Howard Anderson


ZigBee:  What’s  in  it  for  me? 


ZigBee is a new technology being deployed for wireless sensor networks. A sensor network is an infrastructure composed of sensing, computing and communications elements that allows an administrator to monitor, observe and react to events and phenomena in a specified environment.

Sensor networks are seen as an important technology that is expected to be deployed widely in the next few years. For example, observers expect the number of ZigBee-compliant nodes to increase from fewer than 1 million today to 100 million in 2008.

Some sensor networks support highly distributed, large-node-count applications such as environmental monitoring and Homeland Security systems. Others support confined short-range spaces such as a home, factory building or the human body. Short-range, low-data-rate wireless applications include RFID systems, light switches, fire and smoke detectors, thermostats and home appliances. The information collected is typically parametric in nature, where one transmits small volumes of simple data. But some systems also support low-bit-rate video and imaging algorithms. Node power and battery life are key design considerations for sensor networks.

There are four basic components in a sensor network: an assembly of distributed or localized sensors; an interconnecting wireless network; a central point of information clustering; and a set of computing resources at a central point to handle data correlation, event trending, querying and data mining. In this context, the sensing and computation nodes are part of the network.

For a number of years vendors have used proprietary technology for collecting performance data from sensors. In the early 2000s device suppliers researched ways to introduce standardization. For in-building applications, designers soon discounted Wi-Fi standards as being too complex and expensive; Bluetooth technology was also considered, but it too was found to be complex.

This opened the door for a new standard, ZigBee (the trademarked name of the IEEE 802.15.4). ZigBee operates in the 2.4-GHz Industrial, Scientific and Medical radio band, and supports data transmission at rates up to 250K bit/sec at ranges up to 200 feet. ZigBee is expected to become a global specification for reliable, cost-effective, low-power wireless applications, providing interoperability and desirable radio frequency performance characteristics. Chip sets implementing the standard-specified protocol stack now are becoming available. Examples of ZigBee applications include lighting controls, automatic meter reading, wireless smoke and CO detectors, HVAC controls, home security and medical sensing and monitoring. Sensor networks that operate outside a building and over a broad geographic area use any number of other radio technologies; for example, the new WiMAX standard (IEEE 802.16) and cellular 3G technologies also may be useful for metropolitan environments.

ZigBee may well be for you: There will be many opportunities for technology developers in this space in the next few years, as well as for system integrators and network engineers.

Minoli is an adjunct professor in the Stevens Institute of Technology’s graduate school and coauthor of a Wiley book on wireless sensor networks. He can be reached at minoli@att.net.


Game  over,  start  new  game 


My last column (see www.networkworld.com, DocFinder: 1125) discussed the need for a line of technology products for those older than 50 (“curmudgeonware”). This time let’s go to the opposite end of the spectrum and talk about what new-genre games are going to do for the communications industry.

In case Pong was the last game you played, let me tell you how important this segment is: big. Global game software is growing at 16% per year worldwide and is a $15 billion business in the United States; 35% of U.S. cell phone users are playing games and the market is growing at 100% per year. In June, Viacom bought Neopets, a site where users can adopt virtual pets, for $160 million.

But what’s more interesting is where games are going. Nintendo is coming with a new clicker that knows where you and your hands are — imagine boxing with Muhammad Ali or playing tennis with Steffi Graf. Now imagine that your kid can win points by boxing with another 10-year-old in a virtual Golden Gloves championship. The big issue: broadband. Broadband will do more for the game industry than narrowband did for eBay. Today your kid plays with a LeapFrog. Tomorrow — virtual leapfrog with Michael Jordan.

Now the advertisers want in. Want to play the next-generation version of Electronic Arts’ “Madden Football”? Budweiser will have its signage on the scoreboard . . . and pay for that. Want to ride the Tour de France on Lance Armstrong’s team? His and your jerseys may carry an ad for the Discovery Channel. We are seeing the convergence of games and physical activity. “Dance Dance Revolution” is now installed in 24-hour fitness gyms and has sold 3 million units. The advertisers even want to have different kinds of ads for different types of users.

Let’s face it, the communications industry could use some steroid growth — cell phones have reached saturation, so what is going to drive up minutes of use? Games. What will developers come up with when virtually every home has broadband? Just like every time that Intel came up with a faster chip Microsoft found a way to use that power, game developers are jumping on broadband and using all that communications capability to totally involve you in games that are challenging, entertaining . . . and addictive.

Where does all this go? Imagine a game that uses all your senses . . . where you are totally involved and part of your status is your relative ranking. Imagine a game like Star Trek, where you take control of the Enterprise and your physical actions control the story. Do you win the laser sword fight? Then the action moves one way. Do you challenge Spock? Then the ending changes — except the game never ends. Instead of playing Rotisserie football, how would you like to be the starting quarterback for the New England Patriots . . . where your quarterback score improves with your throwing expertise, where you had better learn the plays or you are going to be sacked.

I almost can’t wait until the pornographers get hold of this. The early success of AOL was based on its explicit chat rooms. Now, fast forward to 2009 — where virtual reality and physical activity coincide. Don’t laugh — many of the major revolutions in consumer behavior were driven by sexually explicit programming. Video rental stores, before Blockbuster, had a back room where you could rent X-rated videos. Once that market jump-started purchases of home VCRs, then the rest of the movie industry provided programming.

It costs up to $10 million to develop a first-rate interactive game, but there is a whole category of casual games that will pop up. “Club Pogo” from Electronic Arts has 1 million paying subscribers. Games build loyalty and return customers. “Second Life” is free to play but users buy [illegible] upkeep on virtual land . . . and the game is entirely driven by user-generated content. It has users actually living off their game income, just like some eBay vendors.

The real and virtual worlds have collided. See you in cyberspace.

Anderson is the founder of The Yankee Group and YankeeTek, and a cofounder of Battery Ventures. He lectures on technology at the Massachusetts Institute of Technology and speaks on technology subjects at meetings across the country. He can be reached at handerson@yankeetek.com.
inside the high-stress life of a chief information security officer.

BY SANDRA GITTLEN

He has commanded a war room at home in his pajamas, led a disaster response team from a Little League field and received an alert about the Zotob virus while sunning on a Cape Cod beach.

When you’re the chief information security officer 0
goes away and the pressure never lets up.
Ed Amoroso, the 43-year-old CISO at AT&T, has an even more challenging job than the average security pro. He not only has to protect AT&T’s internal network from attack, he’s also responsible for the service provider’s global customer-facing network.

He’s also trying to balance his always-on job with a busy family life.

What does Amoroso do when the stress starts to build up? “I look at the ducks on the pond,” he says, referring to the wildlife outside his office in Florham Park, N.J.

But it’s rare to find Amoroso in his office. Instead, he is more likely to be running through an airport on his way to visit one of AT&T’s global customers or meeting — often virtually — with his more than 300 far-flung team members who comprise AT&T’s Security Center of Excellence.

“I spend 50% of my time with AT&T customers — although my team would say it’s more like 100%,” he jokes. “In order to set the security strategy for AT&T, I have to know what’s going on in the world.”

Amoroso is also devoted to spending time with his wife, Lee, and their three children. He often works from home one day a week to counterbalance his heavy travel schedule.

Amoroso says there are three parts to his position: setting the security strategy for AT&T’s internal network, managing the security of AT&T’s global network, and helping to create new security products and services for AT&T worldwide. As such, Amoroso leads a unique mix of researchers, network security managers and product designers who tackle internal and external security issues, such as real-time incident response, patch management, anti-virus processes, compliance, policy requirements and enforcement, and intrusion detection.

vacationing in Falmouth, Mass., but his team handled the situation.

Though he’s not a micromanager, Amoroso does remain tethered to the information generated from his network. His main source of information is his BlackBerry, which he constantly fidgets with. It’s set to alert him to changes in network conditions, virus outbreaks and other vital information. He relies heavily on the device, even making sure not to vacation outside its coverage areas.

“There are people in the organization who do have to firefight and yes, Ed does get involved when necessary. But it’s important that he address the issue of what strategies we use and what technologies we use to get ahead of the problem and stay ahead of it. That’s the core of the CISO job,” says Dave Belanger, chief research scientist at AT&T Labs.

“The CISO role is kind of a unique combination of technological and operational expertise, in the sense that there is an intelligent adversary and the CISO has to ensure that our technology evolves faster than the adversary’s capability,” he says.

security threats.

■  vmin  Es’ambolchi,  AT&T’s  CTO  and  CIO  at 
■‘ic  run  !o5s  article  was  reported,  says  having 
An. «  :  s;>  up  both  the  internal  and  the  cus- 
tomei-ic  v  c  ». ork  and  services  is  beneficial 
to  the  compau'  Ve  able  to  leverage  what 
we  learn  from  prok  A  m  g  one  of  the  world’s 
leading  global  IP  networks  —  our  own  —  to 
benefit  our  enterprise  customers.” 

Amoroso’s  Security  Center  of  Excellence  covers 
four  areas:  real-time  security,  enterprise  security, 
design  and  development,  and  compliance  and  audit. 

While  many  of  his  peers  see  their  job  as  putting 
out  fires,  Amoroso,  who  was  named  to  the  CISO 
position  in  1999,  believes  his  role  is  more  strate¬ 
gic.  He  says  if  he  spent  all  his  time  in  a  war  room 
muting  off  every  virus  that  popped  up,  he  would 
doing  his  job  ail  wrong.  For  example,  when 
>  uob  virus  struck,  he  received  a  page  while 


rCV\  to  combat  Vo/p 


Belanger  says  Amoroso  works  closely 
with  the  labs  to  “create  systems  that 
allow  us  to  view  in  real  time  what’s 
happening  in  our  network  faster 
than  anyone  else.  Ed’s  folks 
have  breakthroughs  that  allow 
us  to  detect  the  attack  and 
deal  with  it.  We  view  the  rela¬ 
tionship  between  the  CISO  and 
research  as  one  that  is  essential 
in  keeping  us  in  the  lead  at  the 
network  and  information  layers.” 


The early bird catches the worm

Each morning around 7, Amoroso, an early riser, receives an encrypted e-mail cyberintelligence report from his team — which he immediately accesses from the road, home or office — that outlines the threat levels and global network-performance issues of the day. He can see spikes in usage and questions his team on their causes. For instance, a recent release of a Rolling Stones album across the network spawned an alert.

There are five levels of alerts, he says. Levels One to Three are handled by his team members, but Level Four has him jumping into the mix. “Level Four is wake me up and let’s get folks on a conference call. It’s usually a worm that has managed to have impact on a major customer,” he says. As for Level Five, he says that category is reserved for Sept. 11-type events.

When a Level Four alert does occur, Amoroso says his team creates a virtual war room using video and audio conferencing, a broadband connection and an extranet. “Our version of a war room is in your pajamas on the phone. These things rarely happen between 9 a.m. and 5 p.m.,” he says. With his team members spread across the world, including Australia, Florida and Hawaii, he says, the virtual approach works better than everyone jumping on a plane or in their cars to get to a central location.

Bill O’Hern, division manager for Amoroso’s network security division, handles real-time response issues; his team is embedded in AT&T’s massive state-of-the-art global network operations center in Bedminster, N.J. This allows them to have up-to-the-minute knowledge of the entire AT&T network as well as access to other network specialists.

He says even though Amoroso — who dresses in business-casual and insists on the team calling him “Ed” — is very laid-back, there is a sense of urgency to their work. Although many companies try to create a team atmosphere with extracurricular activities such as bowling leagues or softball teams, Amoroso focuses more on team-building around the actual work his team does. O’Hern says the real-time response group is on call 24/7 and works in shifts around the clock so its members don’t spend time outside of work together.

Amoroso and O’Hern admit home life can be challenging with such a demanding job. Amoroso, the father of two daughters and a son, says, “I’ve often led disaster responses from the Little League field. When a security event starts, wherever you are, that’s where you are for the next few hours.”

While such intensity could lead to burnout, O’Hern says Amoroso’s team avoids it by seeing their efforts pay off as AT&T products and services. “There’s also a taste of doing security in the big leagues and I wouldn’t give that up.”

Deep background

Amoroso has a deep background in computer science and information-security research. The 20-year AT&T veteran started his career at Bell Labs right out of graduate school, researching how to make the Unix platform secure.

He moved on to tackle high-profile government-contract security projects, including the trusted software development for the Strategic Defense Initiative and the White House Y2K Information Coordination Center. When he was appointed CISO, he continued a company tradition of researchers being moved out of the labs and into corporate executive positions.
In the limelight

Amoroso is a big draw on the speaking circuit and is often put in front of audiences to drum up support for high-profile AT&T initiatives.

His most recent project has him behind the scenes, however, playing executive producer for a tool that keeps customers up-to-date on security threats in real time. He likens it to CNN for IT managers and dubs it the “Internet Security News Network.” As threats evolve, AT&T customers are paged to tune in to a Web portal for a streaming newscast, complete with anchors and experts, that is recorded at AT&T headquarters (in fact, a studio is being built for this broadcast). Along with the newscast, viewers are given links to resources that help them patch or otherwise address the vulnerability.

Amoroso teams with other AT&T units for many of his projects; this time the public relations team helped bring the tool to fruition. Though it’s only in pilot phase today, Amoroso says he hopes the project will go live as a service to all AT&T customers next year.

Amoroso is the perfect pitch man for these types of projects. His boyish enthusiasm and undisputed academic know-how are a forceful combination that make him an invaluable asset to the company.

Eslambolchi adds: “Ed is one of the best security experts in the world. He’s been driving the technical security strategy defined by me. He is [also] great with customers and is one of the best salespeople we have. Security is very technical. Translating the technology so the customer can understand the issues is one of Ed’s great strengths.”

Amoroso also has strong opinions about the security industry and isn’t shy about expressing himself.

“The past decade has been tough — the security industry has lost its way. At one point we had no security; now there’s too much. This has been the era of security getting worse and worse,” he says.

“Today there’s too much software from vendors that needs to be patched. There are viruses and worms and spam and firewalls,” he says, adding it’s all too expensive for end users and IT managers to maintain.

And without a hint of subtlety he concludes, “carriers need to be doing security for the endpoints.” While that seems like a self-serving position, it’s one that leading security analysts agree with.

Amoroso also believes in the need for safe havens online. His large financial customers, such as banks and brokerage firms, are so worried about the liability involved in the increased number of phishing attacks targeting their users that they are threatening to move off the Internet.

“Phishing is at a fever pitch,” he says, citing a swell from 800 complaints a month to AT&T’s fraud and abuse center last year to more than 60,000 a month this year.

Rather than have major businesses retreat from the Internet, Amoroso says he hopes to gather the best companies and academic minds in the security industry to solve the problem. He has already started brainstorming with his partners, such as Cisco, and meets with them regularly to see what it would take to create a “safe net” where customers could do business without worrying about hacking or phishing.

In a meeting on this topic, Amoroso uses a whiteboard to sketch out a rudimentary drawing of his vision for a safe network for conducting business online. The initial iteration of his plan involves a network that’s outside today’s AT&T network and requires heavily authenticated access. He rattles off the pitfalls of requiring customers to use tokens (too cumbersome) or multiple passwords (too complicated). He encourages a group of corporate security executives who are in town to meet with him on a different topic to think about the issue and come back to him with ideas — hinting that if their ideas are good enough, they could be in on this revolution.

Amoroso’s meetings with his business partners, customers and team members are casual but well-managed; they usually take place in half-hour increments and don’t stray from a set agenda.

He doesn’t carry a planner, saying they are too bulky. Instead, he jots reminders on the back of a piece of paper, making sure to enter important points in his journal at the end of the day.

As he moves between meetings, Amoroso chats with people in the hallway, sharing scores from the latest New York Giants game with an electrician.

When he’s not meeting with customers and business partners, Amoroso spends time with his researchers and network managers, soaking up their expertise and expanding his own knowledge base.

For instance, a client had expressed concerns over the possibility of VoIP denial-of-service attacks. To get up to speed on this threat, Amoroso asked a lead researcher from AT&T Labs to prepare a private briefing that would explain the issue to him and show the solutions his team was developing. The researcher delivered a PowerPoint presentation, fielding a barrage of questions from Amoroso, and then gave a live demonstration of how the attacks occur and how they are stopped.

Amoroso is the first to admit he has an insatiable thirst for knowledge, and he encourages the same in his team. Each week, the group holds tech talks, inviting subject-matter experts from around the company to speak on a variety of topics. “If you meet every Friday for a year, there’s a lot you can learn about the industry,” he says.

Amoroso teaches a course on information security each Thursday at his graduate school, Stevens Institute of Technology in Hoboken, N.J. “I also read books voraciously,” he says. Amoroso, who holds a master’s degree and a doctorate in computer science, has written four books on information security. It’s a passion he shares with his father, Serafino Amoroso, another well-known holder of a doctorate in computer science.

“Like most IT guys, I work weekends and technology is my hobby, so I relax by writing and teaching about technology,” he says. But he tries to balance that with his home life, which he relishes. It’s a fine line, he says, as he heads out the door to get home and celebrate his 20th wedding anniversary before heading off that night to Washington, D.C., to meet with a customer.

Editor’s Note

AT&T’s merger with SBC was completed Nov. 18. Amoroso has a new title, vice president and chief security officer. He also has a new boss, John Stankey, senior executive vice president and CTO of AT&T Inc. His duties, however, remain essentially the same. Belanger and O’Hern remain with AT&T. Eslambolchi is no longer with the company, according to AT&T.

Gittlen is a freelance technology editor in Northboro, Mass. She can be reached at sgittlen@charter.net.

Go online to hear Ed Amoroso’s thought-provoking presentation at the recent Vortex event in San Francisco on the future of network security.


Mentor:

Edgar Dykstra, computer scientist: “Everything he said is the bible for information security.”

Education:

Dickinson College in Carlisle, Pa., where he earned a bachelor’s degree in physics.

Stevens Institute of Technology in Hoboken, N.J., where he earned a master’s degree and a doctorate in computer science.

Fun facts:

His father also holds a doctorate in computer science.

His wife is a homeopathic expert.

Favorite movie:

“The Godfather.”

Favorite book:

How to Win Friends and Influence People by Dale Carnegie.

Favorite food:

Gary Null’s vegetarian cooking.

For fun:

Coaches his children’s baseball and basketball teams; jogs.

Author of:

Intrusion Detection, 1999.

Fundamentals of Computer Security Technology, 1994.

PC Week Intranet and Internet Firewalls Strategies, 1996.

A new book on cybersecurity, to be published.

Juniper’s chassis combines firewall, VPN and IPS

BY JOEL SNYDER, NETWORK WORLD LAB ALLIANCE


$86,270 as tested. NetScreen-Security Manager software with five device licenses included.

Pros: Clean architecture and no performance problems up to 180M bit/sec; full-featured IPS with comprehensive signatures and good logging capabilities; outstanding firewall and VPN capabilities.

Cons: Management weak compared with other Juniper products; hardware not as maintainable as a high-end system should be.


When Juniper shipped the Integrated Security Gateway 2000 late last year, the company said it was more than another low-density NetScreen firewall. In addition to the basic firewall and VPN capability built into the chassis, Juniper said the ISG 2000 could accommodate as many as three other blades providing security applications, such as intrusion prevention, without affecting the performance of the base firewall and VPN.


Juniper’s ISG 2000 chassis offers basic firewall and VPN services and can accommodate three additional blades running other security applications.

The blades came out in the spring, and we’ve been testing the ISG 2000 with three IDP (Juniper’s intrusion-prevention product) blades on our live network for four months, focusing on hardware, management software and architecture.

Overall, while Juniper got the architecture of the system right, it’s got some work to do in terms of maintaining hardware and management software.

Hardware: Too hard

The ISG 2000 design doesn’t fall in line with Juniper’s long-standing reputation of producing maintainable hardware. While port cards, fan modules and power supplies are easy to replace, you cannot hot-swap interface cards. Additionally, getting to the IDP blades and the management module means pulling the chassis out of the rack, unscrewing the top cover, and dealing with slots and boards that were not designed for easy maintenance.

The difficulty of maintaining this hardware was driven home in our tests when one of the blades stopped working properly. Juniper technical support was quick to diagnose the problem, but we had to pull the unit out of our network while we waited for a replacement part to arrive. Had the hardware been more maintainable, we could have quickly pulled the bad board and run on a reduced configuration.

We ran into another hardware-integration problem when we first tried to install the ISG 2000 in our network. Juniper’s ScreenOS firewall software is running at either Version 5.2 or 5.3 in all current models — except for the ISG 2000, with Version 5.0. Unfortunately, 5.0 is missing a key feature allowing for asymmetric routing needed to install the ISG 2000 at the edge of a network with multiple ISP connections. Because of the versioning issue, we had to install additional switches to work around the unsupported topology.

Software: Too soft

Management of the chassis with IDP blades installed requires Juniper’s NetScreen-Security Manager, a client-server application for controlling the configuration of and analyzing logs from the ISG 2000. Although managing the firewall and VPN components from this application is stable, the NetScreen-Security Manager doesn’t control the IDP blade as well as the single-function management wares shipping with Juniper’s stand-alone IPS boxes.

An intrusion-prevention system (IPS) requires frequent configuration to tune, tighten and reduce false positives. Operations that should be easy to do, such as adding an IPS signature to an exception list, require a significant number of steps, take you through a series of modal configuration dialogs and can be frustratingly unpredictable. Even with Juniper on-site, we couldn’t figure out whether this unpredictable behavior was caused by bugs or some exceptionally subtle issue of how and where you click.

Simple tasks, such as finding a signature to learn more about it, are difficult to do. When we finally discovered (with the help of technical support) the well-hidden “find” function in the NetScreen-Security Manager GUI, we found a not-so-well-hidden bug: It doesn’t find things very often. We were reduced to searching and scrolling through thousands of signatures to get the information we required.

We also expected to see more by way of integrated management across modules. In places where Juniper could have shared configuration between the firewall and IDP, it didn’t. For example, although the firewall rules are used to say whether the IDP protects a stream, all details of the firewall rules are lost once you enter the IDP. If you want to customize your signatures for different firewall rules, you have to recreate the rules before you can pick and choose the signatures that apply.

In all, we went through three released versions of the management software during our four-month test. It’s hard to tell whether the problems we ran into with NetScreen-Security Manager are the result of a rushed design, or just a buggy user interface that didn’t work very well. In either case, Juniper doesn’t meet its own standards for intrusion-prevention management tools with this release of the ISG 2000.

Architecture: Just right

If hardware and management software are the twin Achilles’ heels of the ISG 2000, Juniper gets extra credit for getting the hardest part right: the architecture. Merging a firewall and an IPS is not easy. We’ve seen products from a half-dozen vendors go through our labs with the dual moniker of firewall and IPS, and most of them were so badly integrated that the IPS function might as well have been disabled. Not so with the ISG 2000. Juniper has done a good job of merging the two functions into a single system and giving the security manager sufficient control to make it all work — without putting so many knobs on the system that managing it is disproportionately burdensome.

Our months of letting the ISG 2000 protect our network ahead of all our other firewalls gave us hard-to-measure benefits. With any IPS, it’s hard to say what didn’t happen to you because you had an IPS in place. We had millions of attack events blocked, but it’s impossible to say how many infections we didn’t get because the IPS was in place. We were able to use the alerting system on the ISG 2000 to show us systems inside our networks already infected with spyware. Because the ISG 2000 was upstream of — and beefier than — all our other firewalls, it dramatically reduced the events coming from those firewalls, but that was also expected behavior.

The ISG 2000 is like a mostly baked cake (or to the turophile, an underaged Parmesan). If Juniper fixes the management system, this product will be a valuable addition to any network. At this stage, the ISG 2000 will appeal to those die-hards who are familiar with Juniper’s IDP product line and are eager to better integrate their firewall and IPS functionality into a single system and single management console.

Snyder is a senior partner at Opus One in Tucson, Ariz. He can be reached at Joel.Snyder@opus1.com.


How we did it

We installed the ISG 2000 with IDP blades into our production network at its very edge, connected directly to our two upstream routers. With two 45M bit/sec circuits coming into our network, we kept the ISG 2000 busy, but did not stress it. The hardware was specified to operate at speeds far above our load.

Throughout our test, the ISG 2000 ran on Version 5.0 of Juniper’s ScreenOS operating system. The management system was more fluid. We upgraded an existing NetScreen-Security Manager management system to version 2004-IDP (and later to 2005.1 and 2005.2) and proceeded to push our standard firewall policy to the ISG 2000. Because the ISG 2000 was upstream of all our existing firewalls, we combined all of the other firewall policies into a super-policy, adjusted for network topology, and were running within a few hours.

With the ISG 2000, the firewall configuration drives data streams into the intrusion-prevention system (IPS) part of the product. For every firewall rule, you say whether the IPS is enabled. We started with IPS turned on for all traffic, but simply alerting and not dropping or resetting connections.

After studying the false positives over a month, we refined our IPS policy to skip problematic systems and signatures.

Then we put the IPS into block mode, asking it to drop packets or reset connections that triggered its signatures. (A few days after we put the IDP into block mode we discovered one of our IDP boards had failed and was blocking traffic at random.)

For the next three months, we checked in on the management system daily looking for log entries that might be signs of false positives, and updating and tuning the system. We used the logs several times to track down problems for our help desk. And of course, we had to make a number of changes to the firewall configuration.

During the testing, we worked with Juniper technical support to resolve questions and refine our understanding of the system. Juniper also provided on-site technical support at the end of the test to let us sanity-check our conclusions and to collect feedback.
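
The staged rollout described in “How we did it” (IPS enabled per firewall rule, alert-only first, reviewed exceptions for problematic systems and signatures, then block mode) can be modelled in a few lines. This is an added example, not Juniper or NetScreen-Security Manager code; the event fields, rule names, signature names and addresses are all constructed for illustration.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    rule: str       # firewall rule the flow matched
    signature: str  # IPS signature that fired (constructed names below)
    src: str
    dst: str


@dataclass(frozen=True)
class IpsPolicy:
    ips_rules: frozenset                 # firewall rules that hand traffic to the IPS
    mode: str = "alert"                  # "alert" = log only, "block" = drop or reset
    skip_pairs: frozenset = frozenset()  # reviewed (signature, host) exceptions

    def decide(self, ev):
        if ev.rule not in self.ips_rules:
            return "pass"                # this rule never sends the flow to the IPS
        if ((ev.signature, ev.src) in self.skip_pairs
                or (ev.signature, ev.dst) in self.skip_pairs):
            return "pass"                # exception added after false-positive review
        return "drop" if self.mode == "block" else "alert"


def replay(policy, events):
    """Count what the policy would do with each logged event."""
    return Counter(policy.decide(e) for e in events)


def triage(policy, events, top=5):
    """Rank (signature, destination) pairs by alert volume for human review."""
    hits = Counter((e.signature, e.dst) for e in events
                   if policy.decide(e) == "alert")
    return hits.most_common(top)


# Constructed sample log: a noisy internal file server, a handful of inbound
# web hits, an internal host beaconing out, and traffic on a rule without IPS.
SAMPLE_EVENTS = (
    [Event("internal-files", "EXAMPLE-SMB-ANOMALY", "10.0.0.51", "10.0.0.50")] * 30
    + [Event("inbound-web", "EXAMPLE-HTTP-SQLI", "203.0.113.9", "10.0.0.20")] * 5
    + [Event("outbound-any", "EXAMPLE-SPYWARE-BEACON", "10.0.0.77", "192.0.2.10")] * 3
    + [Event("mgmt", "EXAMPLE-HTTP-SQLI", "10.0.0.5", "10.0.0.6")] * 2
)

# Phase 1: IPS on for the chosen rules, alerting only.
ALERT_POLICY = IpsPolicy(frozenset({"internal-files", "inbound-web", "outbound-any"}))

# Phase 2: a reviewer judged the file-server alerts to be false positives,
# so that one signature/host pair is skipped before switching to block mode.
TUNED_POLICY = IpsPolicy(
    ALERT_POLICY.ips_rules,
    mode="block",
    skip_pairs=frozenset({("EXAMPLE-SMB-ANOMALY", "10.0.0.50")}),
)

if __name__ == "__main__":
    print("alert-mode totals:", dict(replay(ALERT_POLICY, SAMPLE_EVENTS)))
    for (sig, dst), n in triage(ALERT_POLICY, SAMPLE_EVENTS):
        print(f"  {n:3d}  {sig} -> {dst}")
    print("block-mode totals:", dict(replay(TUNED_POLICY, SAMPLE_EVENTS)))
```

Replaying the alert-mode log against the tuned policy before enabling block mode shows exactly which flows would start being dropped, which is the check that the month of alert-only operation makes possible.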


Lab Alliance

Snyder is also a member of the Network World Lab Alliance, a cooperative of the premier testers in the network industry, each bringing to bear years of practical experience on every test. For more Lab Alliance information, including what it takes to become a partner, go to www.networkworld.com/alliance.

Other members: Mandy Andress, ArcSec; John Bass, Centennial Networking; Travis Berkley, University of Kansas; Jeffrey Fritz, University of California, San Francisco; James Gaskin, Gaskin Computing Services; Thomas Henderson, ExtremeLabs; Miercom, network consultancy and product test center; Christine Perey, Perey Research & Consulting; Barry Nance, independent consultant; David Newman, Network Test; Thomas Powell, PINT; Rodney Thayer, Canola & Jones.
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SERVICES 


YOUR  JOB  IS  TO  KEEP  SYSTEMS  AND  APPLICATIONS  RUNNING. 
OUR  MISSION  IS  TO  KEEP  PEOPLE  AND  INFORMATION  CONNECTED. 

LET’S  WORK  TOGETHER. 


w 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It’s  what  your  employees,  suppliers  and  customers  demand  every 
minute  of  every  day.  But  to  deliver  it  flawlessly,  you  need  a  massive  global 
infrastructure,  redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities.  That’s  exactly  what 
SunGard  provides. 

As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save  your 
company,  on  average,  25%*  versus  building  the  infrastructure  yourself.  Plus, 
it's  a  vendor  neutral  solution  that  lets  you  control  your  data,  applications  and 
network  while  giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving  business  problems 
and  less  time  solving  technical  problems. 
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For  years,  companies  around  the  world  have  turned  to  SunGard  to  restore  tfr 
systems  when  something  went  wrong.  So,  it’s  not  surprising  that  thev’r 
turning  to  us  to  mitigate  risk  and  make  sure  they  never  go  down  in  thr  .  .\?cp. 
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You  want  your  network  and  systems  to  always  be  up  and  running.  We  want  the 
same  thing.  Let’s  get  together.  To  learn  more,  visit  www.availabdity.sungard  com  or 
call  1-800-468-7483. 
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00  remote  servers? 
One  solution. 


Introducing  the  next 
generation  of  KVM 

The  Dominion  KX101 


Actual  Size 


All  the  power  of  our  Dominion®  KX  packed  into  a  smaller,  incredibly  versatile  form  factor. 

•  Deploy  them  by  the  hundreds,  even  in  dispersed  locations. 

•  Manage  them  all  centrally  through  a  single  IP  address. 

•  Get  to  them  all  without  the  access  limitations  of  a  KVM  switch. 

Visit us online to learn more about switchless KVM, the KX101 and the future of infrastructure management.


www.KX101.com


When  you're  ready  to  take  control 
MANAGEMENT STRATEGIES

CAREER  DEVELOPMENT  ■  PROJECT  MANAGEMENT  ■  BUSINESS  JUSTIFICATION 

IT  leaders  go  public 

Seeking  challenge,  some  go  to  government  work  from  private  sector. 


BY  JENNIFER  MEARS 

Art Stephens began his career as a programmer at Accenture and worked his way up the ranks, eventually heading Deloitte Consulting’s Harrisburg, Pa., office. But when an opportunity arose to stray from his successful, private-sector career path and move into the CIO position in the commonwealth of Pennsylvania, Stephens jumped at the chance.

As  he  climbed  the  corporate  ladder,  Stephens  felt  he  was  being  dragged  away  from 
the  IT  consulting  work  he  loved  into  a  business  administration  role  in  which  he  dealt 
more  with  sales  and  personnel  management  than  with  networks  and  servers.  He 
welcomed  the  chance  to  take  on  more  technology-focused  responsibility. 

In  addition,  Stephens  had  a  growing  desire  to  give  back. 

“I  took  a  very  significant  pay  cut  to 
make  this  change,”  says  Stephens,  who 
was  appointed  deputy  secretary  of  IT  by 
Gov.  Edward  Rendell  in  2003  and 
became  one  of  the  governor’s  deputy 
chiefs  of  staff  last  June. 

That type of altruism is the primary motivator for many IT professionals who have given up lucrative private-sector positions for public-sector responsibilities. While one would commonly think of people moving from the public sector into better-paying corporate jobs, there also is significant movement in the other direction.

Robert McFarland, who heads up IT in the Department of Veterans Affairs, spent his entire career in the private sector, including a long stint at Dell, before coming out of retirement last year to accept President George Bush’s appointment to serve as the VA’s assistant secretary for IT. Pennsylvania is just one of a handful of states, including Connecticut, Delaware, Indiana, Maryland and Massachusetts, that have private-sector-professionals-turned-public-servants leading their IT divisions, according to the National Association of State CIOs.

“There are a couple stimulators that get people talking about working for ... government. One is a sense of public service, not unlike a calling to be a priest,” says Peter Metzger, vice chairman of executive search firm Christian & Timbers in Washington, D.C. “The other piece, which is of equal importance, is the enormous responsibility that one gets.”

McFarland  notes  that  there  are  230,000  people  working  for  the  VA,  with  more  than 
6,000  IT  employees  and  a  $2  billion  IT  budget.  “No  matter  what  I  did  in  the  private 
sector,  there  are  very  few  places  I  could  have  been  that  would  have  been  as  large 
and  as  complex  as  this  one,”  he  says. 

Peter Quinn, CIO of the commonwealth of Massachusetts, agrees, saying that IT professionals likely will find more diversity in the type of projects they lead in the public sector, simply because of government’s broader focus. “You deal with everything from state police to jails to collecting taxes to welfare, the whole gamut of services,” says Quinn, who was CIO of Boston Financial Services before accepting the Massachusetts CIO position in 2002. “You get to work at the courts, legislature — the variety of the job becomes very compelling.”

Getting projects completed, however, can be frustrating, because government CIOs have several approval levels to get through before an IT project can be launched. “The aspects of politics are completely different than in the private sector,” the VA’s McFarland says. “The private sector may have something it calls corporate politics, but [that’s] minuscule compared to the politics associated with working for government.”

Stephens says there is significant turnover among his state CIO peers. One reason is that IT is taking on a higher profile in today’s digital world, and state and federal IT executives are more often under the microscope. “Legislators want to know [what we’re doing], voters want to know, the media want to know,” Stephens says. “It’s definitely a challenge to balance that and keep the lights running.”

Despite the political pressure and the wider variety of project goals, in the end public-sector IT leaders still are charged with the same mandates as their private-sector peers: provide the best, most efficient use of IT resources. McFarland is in the process of centralizing and consolidating a dispersed Microsoft Exchange environment. Stephens streamlined project proposals shortly after he took the helm in Pennsylvania, requiring that each agency prioritize IT budget requests before submitting them to the Budget Office and the governor, with the hope of eliminating duplication across state agencies.

“That’s one of the misconceptions [about public-sector IT], that government is old-school technology,” Stephens says. “It’s just not true.” Another misconception is that government IT work is easier than in the private sector. Public IT officials advise private-sector professionals considering a move to think carefully and be sure that financial compensation will not be an issue.

“I must be honest with you and tell you that a move from the private sector to government is not for the faint of heart,” McFarland says. “It’s a very stressful move, a difficult transition and a big challenge.” Metzger advises clients that it will take them at least three years to learn how government works. As for compensation, consider that top pay for IT in the federal government is about $145,000, while a comparable position in the private sector would pay nearly a half million dollars plus stock options and bonuses, Metzger says. “What I tell people when they ask about compensation packages is that a large part of the compensation [in the public sector] is going to be the psychological reward, the satisfaction of knowing what you’re doing is benefiting society,” he says. “It’s a nice way of saying, ‘You’re not going to like it.’”

At the same time, those willing to make the financial sacrifice will find they are in higher demand should they decide to return to corporate life, Metzger says. “They’re exponentially more employable and more desirable than they were before they were in government, particularly for a company who targets government as a customer,” he says.
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Increase  your  data  center  availability 

...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 

Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 

Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 

Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 

•  Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 

•  Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 

Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP or Telnet interfaces.

From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


With over 15 million satisfied customers, APC's Legendary Reliability™ guarantees peace of mind.


InfraStruXure


Enter to WIN a FREE APC Rack PDU today.


Legendary  Reliability® 


Visit  http://promo.apc.com  Key  Code  f998x  •  Call  888-289-APCC  x6796  •  Fax  401-788-2797 

©2005 American Power Conversion Corporation. All Trademarks are the property of their owners. E-mail: esupport@apcc.com • 132 Fairgrounds Road, West Kingston, RI 02892 USA AX4A05EP-US


What's  on  your 

Network? 

Find  out  with  NetSupport... 


Centrally  Discover,  Support  and 
Manage  your  Systems.  Anywhere. 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your 
Windows  98  systems?  Are  you  overpaying  on  unused  software  licenses?  Which 
employees  are  spending  the  most  time  surfing  the  web?  Find  out  fast  with 
NetSupport  DNA. 

Managing  your  company's  IT  assets  means  more  than  just  selection  and 
maintenance.  Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the 
job.  NetSupport  DNA  is  an  easy  to  use  IT  asset  management  solution  that  provides 
you  with  the  tools  you  need  to  get  to  know  your  network. 

Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a 
complex  implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an 
award  winning  asset  management  suite,  but  with  only  a  30  minute  implementation 
path. 

NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise 
reporting  and  a  web-based  help  desk  solution. 


Visit www.netsupport-inc.com and download a full trial license today.
And  in  30  minutes  start  viewing  your  vital  Asset  Information. 
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Sales:  1-888-665-0808 

www.netsupport-inc.com 


Problems  overwhelming  your  current  sniffer? 


Advance  to  the  next  level  with  Observer  11.  Now  with  enterprise  strength  VoIP  analysis.  New  features  include  an  enhanced 
VoIP  Expert,  Quality  Scoring,  Call  Detail  Records,  MultiHop  Analysis,  and  64-bit  Windows  support.  It's  time  to  reset  your  analyzer. 


INSTRUMENTS 


Wired  to  wireless.  LAN  to  WAN.  One  network  -  complete  control. 


US  &  Canada  UK  &  Europe 

toll  free  800.526.5958  +44  (0)  1 959  569880 

www.networkinstruments.com/analyze 


enhanced  VoIP  support 



OBSERVER 


RackView
Fold-Back


SERVERS WITHIN YOUR REACH FROM ANYWHERE


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 


UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 

RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 




UltraMatrix™ 

E-series 

KVM  SWITCH 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video resolution up to 1600 x 1280

Available in several models

Easy to expand


The UltraMatrix E-Series represents the latest in KVM matrix switch technology at an affordable price. The E-Series allows you to connect up to 256 user stations to 1,000 computers. The UltraMatrix E-Series is available in several models: 4x4, 4x8, 4x16, 1x8, and 1x16 in either PC or multi-platform.


XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 
LCD  Monitor 




ROSE US: 281 933 7673
ROSE EUROPE: +44 (0) 1264 850574
ROSE ASIA: +65 6324 2322
ROSE AUSTRALIA: +617 3388 1540


800-333-9343 

WWW.ROSE.COM 



ELECTRONICS 
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For  further  information  on  network  IT  products  and  solutions 
from  these  companies  and  more,  check  out  vendor  solutions 

www.networkworld.com/vendorsolutions 
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►  White  Papers 

►  Special  Reports 

►  Partner  Sites 

►  Webcasts 

►  Marketplace  Product  Finder 
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Indexer 


The  Smart  Choice  for  Text  Retrieval®  since  1991 

♦  over  two  dozen  indexed, 
unindexed,  fielded  and  full-text 
search  options 

♦ highlights hits in HTML, XML and PDF while displaying embedded links, formatting and images

♦  converts  other  file  types 
(word  processor,  database, 
spreadsheet,  email,  ZIP,  Unicode, 
etc.)  to  HTML  for  display  with 
highlighted  hits 

Instantly  Search  (  - 

OT  Text  Reviews  of  dtSearch 

♦  “The  most  powerful  document  search 
tool  on  the  market”  —  Wired  Magazine 

♦  “dtSearch  ...  leads  the  market” 

—  Network  Computing 

♦  “Blindingly  fast”  —  Computer  Forensics: 
Incident  Response  Essentials 

♦  “A  powerful  arsenal  of  search  tools” 
—  The  New  York  Times 

♦  “Super  fast,  super-reliable” 

—  The  Wall  Street  Journal 

♦  “Covers  all  data  sources  ...  powerful 
Web-based  engines”  —  eWEEK 

♦  “Searches  at  blazing  speeds” 

—  Computer  Reseller  News  Test  Center 


See  www.dtsearch.com  for  hundreds 
more reviews & case studies


YELLOWJACKET

802.11  bg  W-LAN  ANALYZER 

>  2.4  GHz  SPECTRUM  ANALYZER 
>  Dual-band  802.11b  &  g  demodulators 

>  Direction  Finding  of  Rogue  AP’s 


Security  •  Installers  •  WISPs  •  Hotspots 




Yellowjacket™
Hive  Software 

Site  Initiator/Supervisor/ 
Investigator  indoor/outdoor 
mapping  W-LAN  coverage 
solution. 


Berkeley Varitronics Systems, Metuchen, NJ 08840
(732)548-3737  www.bvsystems.com 


MiniGoose 

Climate  Monitor 


Heat 

Humidity 

Air  Flow 

Doors 

Power 

Camera 


(512)257-1462  ITWatchdogs.com 


How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc. 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with 110VAC, 208VAC or mixed 110/208VAC
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 

Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

> IP Monitoring of Power, Temperatures
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
—  On  /  Off  /  Reboot 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


toll  free +1.800.835.1515 
tel  +1.775.284.2000 
fax  +1.775.284.2065 

www.servertech.com 

sales@servertech.com 


1.408.727.1122 

info@recurrent.com 

3431  De  La  Cruz  Blvd,  Santa  Clara,  CA  95054 


Luggage,  Fine  Leather  Goods, 
Gifts,  and  more! 
Hartmann,  Andiamo, 
Samsonite,  Cross 
10%  discount  for  Network 
World  readers 
Enter  code  NWW  2005 


•  T1/E1  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernet/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

• ISO-9001

•  USB  Modem  and  Hub 



Toll  Free  866  SITech-1 
630-761-3640,  Fax  630-761-3644 
www.sitech-bitdriver.com  or  www.sitechfiber.com 


networkTAPs

TAP into Performance

Monitor mission-critical links with the latest technology through new nTAPs

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.  Visit  www.networkTAPs.com/visibility  today. 


Ethernet Copper nTAP

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . $395 

10/100/1000 . $995 


To learn more about how nTAPs can boost your network visibility and which configuration option is best for you, go to www.networkTAPs.com/visibility or call 866-GET-nTAP today.

Free  overnight  delivery* 




*Free overnight delivery on all U.S. orders over $300.00 confirmed before 12 pm CST.

nTAP and the nTAP logo are trademarks or registered trademarks of Network Instruments, LLC.


12/5/05  MARKETPLACE 


56 • www.networkworld.com • 12.5.05


Sales Offices

Carol Lasker, Executive Vice President, Sales
Jane Weissman, Sales Operations Manager
Internet: clasker, jweissman@nww.com
(508) 460-3333/FAX: (508) 460-1237
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Tom  Davis,  Associate  Publisher,  Eastern  Region 
Elisa  Della  Rocco,  Regional  Account  Director 
Agata  Joseph,  Sr.  Account  Coordinator 
Internet:  tdavis,  elisas,  ajoseph@nww.com 
(201)  634-2300/ FAX:  (201)  634-9286 


Northeast 

Elisa Della Rocco, Regional Account Director

Internet: elisas@nww.com

(508)  460-3333/FAX:  (508)  460-1237 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Account  Director 
Renee  Wise,  Account  Coordinator 
Internet:  jdibian,  rwise@nww.com 
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Kevin  Normandeau,  Exec.  Vice  President/General  Mgr.,  Online 
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Look  Ma,  no  hands! 

More  companies  are  reaping  the  rewards  of  automation 
capabilities,  but  the  technology  still  needs  to  evolve  to  reach 
the  nirvana  of  utility  computing.  For  instance,  today: 

Most  management  software  needs  network  managers  to  customize  known  "if,  then" 
scenarios  in  which  to  enable  the  software  to  take  automated  action. 

Vendors  have  yet  to  build  the  software  with  enough  intelligence  to  respond  to  changing, 
unknown  conditions  that  occur  in  data  centers. 

Network  managers  in  some  cases  have  to  manually  update  the  infrastructure  and 
application  components  in  an  inventory  within  the  software  to  maintain  accurate  data. 

Business  processes  need  to  be  sorted  to  automate  tasks  across  IT  silos,  such  as 
storage,  applications  and  networks. 

There  are  still  some  areas  of  network  management,  such  as  security  and 
troubleshooting,  in  which  automation  cannot  replace  human  expertise. 


Automation 

continued  from  page  1 

collects, correlates and delivers data from multiple systems into one Web-based dashboard for analysis and reporting (see related story, page 16).

The automation push isn’t limited to big management vendors. Companies such as Enigmatec, Opsware and Opalis, which recently landed another $8.5 million in venture funding, promise to bring more intelligence to automation with cross-platform software designed to take the work out of such tasks as provisioning resources and collecting asset information.

Start-ups such as Corente, iConclude, RealOps and Optinuity emerged in the past two years with tools to help customers automate operational workflows, roll out applications to servers and fix known performance errors — freeing IT staff from redundant daily tasks.

“IT has done a terrific job of automating processes around developing software, but the opposite is true when it comes to automation in operations and production environments,” says Jean-Pierre Garbani, a vice president with Forrester Research. “Companies can start to automate with daily tasks, and vendors are starting to deliver some tools to help in that area.”

Bill Homa, senior vice president and CIO for Hannaford supermarkets in Scarborough, Maine, uses automation to balance workloads among virtualized server pools and allocate bandwidth to higher-priority traffic on the company’s corporate WAN. Homa, who uses products from IBM, Cisco and other vendors, says the process of automating data center operations started some five years ago and significantly eased the more-recent initiative to virtualize servers in two corporate data centers.

“You  can’t  decide  you  are  going 
to  be  automated  and  virtualized 
tomorrow  and  have  it  happen 
just  like  that,”  Homa  says.  “You 
need  to  have  a  foundation  in 
place,  such  as  an  enterprise 
scheduler,  a  way  to  coordinate 
jobs  and  a  way  to  move  data 
between  systems.” 

For others, automation is focused on a specific area of data center operations. Lenny Monsour says SunGard’s project to automate asset and change management about two years ago enabled the company to become ISO 9001 compliant. SunGard, a provider of software and processing solutions in Durham, N.C., had already been working to document and then align its asset- and change-management processes with the Information Technology Infrastructure Library (ITIL), but by being able to automate the processes with Opsware software, the company also achieved ISO compliance.

“By automating our change-management processes, the demand on our time and resources has dropped significantly,” Monsour, product management director at SunGard, says. “But the unexpected benefit was around access controls and security, compliance and data quality. In the past, manually collecting this data, we really couldn’t trust its accuracy.”

Despite advances in the technology, automation initiatives can stall when tasks require software to understand and act on more than a static set of criteria.

“At this point, there isn’t a clear concept of what applications are doing in the production environment so that cannot be represented as a workflow model, which could be incorporated into automation software,” Forrester’s Garbani says. “In many cases, to really be able to take automated action with application performance requires you to incorporate automation into the entire life cycle of the application.”

Garbani points to Microsoft’s Dynamic Systems Initiative (DSI) and IBM’s Rational software division as two product areas in which vendors could potentially break down the barriers between automating simple tasks and tackling complex data center applications. He explains DSI builds state models within its applications during the development stage. The state models — which can show network managers what an application is doing and set performance expectations — can be incorporated into automation software, he says.

Start-up Zenprise, which markets a Microsoft Exchange management product, incorporated into its software volumes of common scenarios, performance expectations, potential problems and known fixes. Zenprise 1.0 identifies the Exchange infrastructure components, collects critical parameters and monitors them to determine if performance is meeting expectations. The software uses information on Exchange gathered from Microsoft and matches the symptoms it spots in performance against known problems, Garbani says.

“This type of automation would work well with any packaged application such as SAP, Siebel or Oracle,” he says.

But given that most enterprise IT shops have a mix of homegrown proprietary applications and packaged applications that have been customized to run on their systems, pre-packaged automation tools fall short, says George Hamilton, a senior analyst with The Yankee Group.

Today’s automation cannot learn on its own how to respond to myriad situations in a data center. The most-advanced tools still require managers to input their knowledge of the network, its applications and known fixes to known problems, Hamilton says.

“Automation is great to reduce manual labor, but this type of operational automation isn’t the same as what IBM and HP are promising. The Holy Grail of these vendors’ plans is intelligent software taking action without human intervention,” he says. “Automation is hindered by two things: not enough intelligence in the technology and a still skeptical user community.”

Robert Green, senior systems programmer at Fidelity Information Services in Little Rock, Ark., uses IBM Tivoli Monitoring software to perform such tasks as system health monitoring, capacity and performance trending, and application monitoring. He uses automated capabilities in the software to take recovery steps, such as restarting processes on a server or clearing files. He admits he hasn’t explored all the automation options within the Tivoli software, partly because there isn’t a demand from other IT divisions in his company.

“I have to make sure the server support staff is comfortable with the automation I enable the software to take,” Green says. “I would automate everything if I could, and they are coming to me more to turn the automation on, but some worry the envelope could be pushed open too soon.”

NETWORK 

MANAGEMENT 

Subscribe  to  our  free  newsletter. 

DocFinder:1013  www.networkworld.com 


Network World can be purchased on 35mm microfilm through University Microfilm Int., Periodical Entry Dept., 300 Zeeb Road, Ann Arbor, Mich. 48106.

PHOTOCOPYRIGHTS: Permission to photocopy for internal or personal use or the internal or personal use of specific clients is granted by Network World, Inc. for libraries and other users registered with the Copyright Clearance Center (CCC), provided that the base fee of $3.00 per copy of the article, plus 50 cents per page is paid to Copyright Clearance Center, 27 Congress Street, Salem, Mass. 01970.

POSTMASTER: Send Change of Address to Network World, P.O. Box 3090, Northbrook, IL 60065. Canadian Postmaster: Please return undeliverable copy to PO Box 1632, Windsor, Ontario N9A7C9.


Copyright 2005 by Network World, Inc. All rights reserved. Reproduction of material appearing in Network World is forbidden without written permission.

Reprints  (minimum  500  copies)  and  permission  to 
reprint  may  be  purchased  from  Reprint 
Management  Services  at  (717)  399-1900  x128  or 
networkworld@reprintbuyer.com. 

USPS735-730 


GPL 

continued  from  page  10 

do so,” Brown says of software developers. “We’re pretty confident that the improvements we’ve made to the license will encourage [developers] to make the switch.”

The issue of compatibility among GPL and other open source licenses can affect developers as well as users. Vendors, resellers and systems integrators use various chunks of open source code — Linux, Apache, MySQL and PHP is a common open source stack — to deliver products. But if chunks of code are combined with others whose licenses do not allow for such mixing, sellers of these systems, and even users, could find trouble.

The climate of increased government regulations and scrutiny over corporate processes and systems should bring the issues of open source software licensing to mind for network executives, one analyst says.

For example, if an organization’s financial operations are audited, “they might have to say where each and every piece of that software came from, how it’s being used,” says Daniel Kusnetzky, vice president of system software research for IDC. “If a company doesn’t know where it all comes from and under what licenses they’re using it, that could be kind of frightening for the executives who have to sign on the dotted line.”
BACKSPIN

Putting lipstick on the Internet porno-pig

Mark Gibbs

Before I begin this week’s tirade, allow me to point out that
the Sony BMG fiasco keeps getting better. Sony has
been accused of fraud, false advertising, trespass, violations
of state and federal statutes prohibiting malware, and
unauthorized computer tampering. Now it appears that
the company also has violated software copyrights as well
as the Digital Millennium Copyright Act!

Want more? Sony BMG knew way in advance of the
snafu being made public that its digital rights management
software was considered spyware! I couldn’t make
this stuff up! See Gibbsblog for more details of things
Sony-snafu-ish.

Finally, you can hear me opine about the Sony BMG fiasco
on Ed Horrell’s “Talk About Service” show
(www.edhorrell.com/advocates/featured.shtml).

So, what other than Sony is on my mind this week? Well,
the thing that has attracted my attention is the CP80
Internet Channels Initiative, which, let me say upfront, is
the technological equivalent of putting lipstick on a pig.

CP80’s concern is pornography: They see the ’Net as a
veritable cyclone of perversity that threatens the very fabric
of American society. The chaps pushing this initiative
are from an outfit named ThinkAtomic, which is described
as a “high-tech think tank” and is based in Orem,
Utah.

The  idea  behind  CP80  (which  originally  stood  for  Clean 
Port  80)  is  this: There  are  65,536  possible  ports  (essentially 
communication  endpoints  for  data  exchanges  using  IP), 
and  they  should  be  treated  as  television  channels. 

In  CP80’s  alternate  universe  there  would  be  a  channel 
for  clean  general  content  —  presumably  Port  80  —  and 
another  for  porn  —  Port  666,  perhaps?  There  presumably 
would  be  yet  more  channels  dedicated  to  content  that 
other groups think should be controlled. (Gee, d’ya think
that politics might get involved?)

The pitch is that defining what content is available on
what channel — and having strict laws that punish those
who use channels improperly — would make filtering easy.

CP80 expert Jill Manning, a marriage and family therapist
in Orem, recently testified before the Senate Judiciary
Subcommittee on the Constitution. She discussed the
“negative effects of Internet pornography on marriages
and families” and called the CP80 proposal “a fresh,
thinking-outside-the-box solution that we desperately need.”

Among those on board are Sen. Bob Bennett (R-Utah),
as well as state Reps. Chris Cannon (R-Utah), Jim
Matheson (D-Utah) and Rob Bishop (R-Utah), all well-known
technocrats and defenders of our constitutional
rights. Also on board is, no surprise, Sen. Orrin Hatch
(R-Utah). That’s the same great philosophical thinker and
upholder of rights who espoused the view that technology
be developed to destroy the computers of people who
illegally download music.

CP80 plays directly into the agendas of those whose
political ambitions require the public to toe the line.
CP80’s FAQ reads, “We expect their [sic] to be a government
agency that is responsible for the upkeep of the
standards and fighting any violators of the law!”

Upkeep of standards. Hum. Standards. What could possibly
go wrong with that idea? Where in this brave new
world would the text of Nabokov’s Lolita fit? How about
the movie? Most important, who would decide?

If anything, the CP80 scheme is far less practical technically
and legally than, for example, the Platform for
Internet Content Selection, a far more sophisticated
content-rating system that unfortunately didn’t get as much
attention as it deserved.

In  particular,  the  reliance  on  law  to  constrain  content 
is  a  nightmarish  prospect  because,  if  we  can’t  effectively 
define  pornography  in  the  real  world,  why  would  new 
laws  for  controlled  Internet  channels  make  things  any 
better? 

No  amount  of  lipstick  can  make  this  pig  good-looking. 

Write  to  backspin@gibbs.com  on  any  channel. 
News, insights and oddities


You  say  you  can  smell  phish  in  your  in-box? 


Paul  McNamara 


Discovering that your online street smarts aren’t up
to snuff has got to sting, yet more than a half-million
individuals have unflinchingly summoned the courage
to take MailFrontier’s Phishing IQ Test since July 2004. Test takers are asked to scan
10 real-life e-mail messages and judge whether each is a phishing attempt or legitimate
commercial correspondence.

Because  we  thrive  on  danger  in  the  news  profession,  I  made  two  decisions  last 
week:  I'd  take  the  test  myself;  and  I’d  reveal  the  results  here  no  matter  how  abysmal 
my  score.  (You'll  simply  have  to  trust  me  on  the  pledge  and  the  grade.) 

Those up to the challenge can access the test through www.networkworld.com,
DocFinder: 1140, but don’t forget to come back.

Before we find out if everyone gets to have a good laugh at my expense, let’s take
a look at how the masses have been doing on the test. It’s a mixed report card that
says plenty about the obstacles being faced today by honest companies that want to
connect to their customers via e-mail.

“The first 50,000 people who took the test were terrible at identifying the fraudulent
e-mail,” says Andy Klein, manager of the MailFrontier Threat Center. That group
was able to sniff out just north of 60% of the stinky e-mail, meaning that about four
of every 10 phishing lures in this mock exercise were gobbled hook, line and credit
card number.

“The results have been getting better over time,” Klein says, with the company’s
most recent analysis showing an 82% accuracy rate for spotting phishing attempts.

What's  driving  the  improvement?  Growing  public  awareness  of  the  telltale  signs  of 
phishing  and  greater  diligence  on  the  part  of  legitimate  businesses  in  educating 
their  customers  about  their  standard  do's  and  don'ts  regarding  e-mail.  “A  little  bit  of 
knowledge  and  common  sense  go  a  long  way,”  Klein  says. 

But the news is far from all rosy. Although people have gotten better at shooting
phish in a barrel, that higher success rate has produced collateral damage: A lot
more legitimate e-mail is getting tagged as fraudulent. Whereas the early test takers
correctly identified about 75% of legit e-mail, that rate is now down to about
50%, according to Klein.

In  other  words,  people  are  pretty  much  guessing. 

"The  natural  reaction  is  to  back  away  and  assume  everything  is  bad,"  Klein  says.  It’s 
an  instinct  that  online  merchants  and  security  vendors  are  going  to  need  to  combat 
fiercely  and  effectively,  lest  it  threaten  the  continued  growth  of  Internet  commerce. 

OK,  how’d  I  do  on  the  test? 

Not bad, if I must say so myself: nine out of 10 correct,
including nailing all five of the fraudulent e-mails.
Only 4% of those taking the test manage to score a
perfect 10 for 10, according to Klein.

(If  you  plan  to  take  the  test  yourself,  skip  the  next 
paragraph  because  it  gives  away  one  of  the  answers.) 

My lone mistake was sensing danger where apparently
none existed in an invitation from a credit card company
to save big bucks by consolidating my high-interest
balances on other cards into a single account with
them. The pitch seemed just a tad too breathless,
especially considering the value — to a phisher — of
what they were asking me to hand over. Erring on the side of caution and all.

Although  it  never  occurred  to  me  to  plead  my  case  on  that  incorrect  answer,  it  has 
indeed  occurred  to  others. 

“We  do  get  these  folks  who  disagree  with  the  answers  —  and  they  usually  have 
good  reasons,"  Klein  says.  Alas,  the  decisions  of  the  judges  are  final,  but  you  can 
rest  assured  that  these  test  results  will  not  become  part  of  your  permanent  record. 

Want  to  brag  about  acing  the  test?  The  address  is  buzz@nww.com. 


